Privacy
Page
You are a business customer of Verisure
Summary - Privacy Notice for Business Customers
If you are a business representative or an assigned user
General information and the scope of this Privacy Notice
Your right to data protection is very important for us at Verisure. We aim to ensure that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation. This Privacy Notice concerns the processing of personal data when a business customer (“Business Customer”) uses our services, including our products provided for the delivery of our security alarm monitoring services, devices and cameras (“Services”). As such, this Privacy Notice applies to you as the representative of our business customers (“Business Representative”) and, when applicable, you as a user assigned by our Business Customer (“Assigned User”) who uses our Services.
The Business Customer is asked to ensure that this Privacy Notice is shared with their Business Representatives and Assigned Users.
If you are a Residential Customer, please find the applicable Privacy Notice here.
If you visit a business premises using Verisure Services, please find the applicable Privacy Notice here.
If you visit a residential premises using Verisure Services, please find the applicable Privacy Notice here.
Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation. For certain processing of personal data, the Business Customer is the data controller, either independently or jointly with Verisure .
When we are processing personal data as a data controller, we ensure that applicable data protection legislation is always complied with and that we only process your personal data for the purposes described in this Privacy Notice.
For more information about the Services which you have chosen to use and the functionality of those Services, please refer to Verisure's General Terms and Conditions, Terms of Service as well as available instructions and manuals, available upon request. Our Data Processing Agreement (Appendix I and II - Data Processing Agreement and Joint Controller Arrangement) can be found here.
How and why we process your personal data
We only process your personal data if the processing is necessary to fulfil the purposes of the processing described below.
We process your personal data for the following purposes:
Establishment and maintenance of the customer relationship
To enter into a contract with the Business Customer
To administer the contract with the Business Customers, including payments for Services
To administer and enable the existing and returning customer relationship with the utmost care
Provision of Services
To monitor the premises through the Services
To manage alarm triggering events
To follow up previous alarm triggering events
To ensure that we meet our legal obligations to previously active customers
Provision of support to the Business Customers in relation to the Services
To provide customer service and technical support in relation to our Services
To assist Business Customers in case of an insurance claim or other legal claims
To handle customer complaints
To cooperate with law enforcement or regulators to fight crime, comply with our legal obligations or protect the security interests of our Business Customers
Development of Verisure’s Services
Quality assurance
Training of Verisure’s personnel
Development of Verisure’s Services
Provision of Verisure App and MyPages
Provision of the Verisure web shop
To provide and administer the Business Customer’s orders in our online shop
Marketing and analytics
To market our Services
To administer and analyse our campaigns, promotions, referral programmes, etc. or perform marketing analysis
Verisure’s legal interests
To comply with our legal obligations
To enable restructurings or mergers of the business
To protect our legal interests in the event of a dispute
Complete information about how we process your personal data, including information about the applicable legal bases, the recipients of your personal data, international transfers of personal data and the criteria used to determine applicable retention periods is available here.
Your rights
You have the right to be informed about which personal data relating to you we process and what we do with your personal data. You also have the right of access to your personal data. In certain situations you also have the right to have your personal data erased, to request restriction of the processing of your personal data, the right to data portability as well as the right to object to our processing of your personal data. If we process your personal data based on your consent, you always have the right to withdraw your consent. If you believe that we have processed your data in an unlawful manner, you have the right to lodge a complaint to the United Kingdom’s Information Commissioner’s Office whose contact details are:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113.
Contact details
If you have any questions regarding this Privacy Notice, our processing of your personal data or if you wish to exercise your rights, please do not hesitate to contact us:
Verisure Services (UK) Limited, company registration number 08840095
Postal address: Q12 Quorum Business Park, Benton Lane, Newcastle Upon Tyne, Tyne and Wear, NE12 8BU
E-mail: [email protected]
Data Subject Request Form: Click Here
Website: www.verisure.co.uk
Complete Privacy Notice for Business Customers
If you are a business representative or an assigned user
Contents
General
Your right to data protection is very important to us at Verisure Services (UK) Limited, reg. no. 08840095 (“Verisure”, “we”, “us” or our”). We aim at ensuring that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation.
This Privacy Notice concerns the processing of personal data when a business customer (“Business Customer”) uses our services, including our products provided for the delivery of our security alarm monitoring services, devices and cameras (“Services”). As such this Privacy Notice applies to you as the representative of our Business Customer (“Business Representative”) and you as a user assigned by our Business Customer (“Assigned User”), such as an employee of our business customer, who uses our Services. Business Customers must ensure that their designated Business Representative, Assigned User or other emergency contact have consented to their personal data being used for this purpose by Verisure.
The Business Customer is asked to ensure that this Privacy Notice is shared with their Business Representatives and Assigned Users.
For more detailed information about the Services which the Business Customer has chosen to use and their functionality, please refer to Verisure's general terms and conditions, terms of service, instructions and manuals, available upon request.
Data Controller and Data Protection Officer
Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation.
For certain processing of personal data, the Business Customer is the data controller, either independently or jointly with Verisure.
Verisure and the Business Customer are joint controllers for processing of personal data when personal data is collected through the Services and when such personal data is made available to the Business Customer via the Verisure App during an alarm triggering event. The personal data processed in this manner may consist of live streaming or continuous video recording (“CVR”) material (limited to devices which have this functionality), video recordings, pictures or audio from an alarm triggering event. This personal data is available to the Assigned Users automatically and in real time via the Verisure App. Verisure is the designated contact point for the processing of your personal data when Verisure and the Business Customer are joint controllers, including for the exercise of the data subjects’ rights under the GDPR (see section 9). You will find our contact details in section 13.
The Business Customer is an independent data controller when the Business Customer is processing personal data for the following purposes:
Self-controlled monitoring functionalities for the Business Customer’s convenience use (not related to an alarm triggering event), such as live streaming, CVR, recording of video, pictures or audio, or use of video doorbell or smart lock.
Management of the Verisure Services such as the provision of access permissions to Assigned Users by the Business Customer (e.g. employees).
Business Customer’s subsequent processing of the personal data outside of the Verisure environment, e.g., sharing of material with law enforcement or an insurance company.
The scope of this Privacy Notice is limited to the processing of personal data for which Verisure is a data controller, either independently or jointly with the Business Customer. For further information about the Business Customer’s processing of personal data, please contact the Business Customer.
As a condition of installing the Verisure products/devices and making use of the Services, the Business Customer must comply with any legal responsibilities placed on them as a controller under applicable data protection law.
In particular, the obligations relating to: the careful placement of devices to avoid excessive, unfair or unlawful capture of image data; the use of image data in a proportionate, fair manner and for lawful purposes; the installation of signage to ensure individuals entering the location of the monitored premises are aware that the Services are in operation; and the lawful use of image data relating to other individuals.
We have designated a Data Protection Officer (“Data Protection Officer”), who is responsible for monitoring our processing of personal data to ensure that it is carried out in accordance with applicable legislation.
The Data Protection Officer can be reached via [email protected].
Our Processing of Personal Data
In the tables below you can read more about how we at Verisure process your personal data when you use Verisure Services.
Purposes
To enter into a contract with the Business Customer
Verisure is the data controller
To administer the contract with the Business Customers, including payments for Services
Verisure is the data controller
To administer and enable the existing and returning customer relationship with the utmost care
Verisure is the data controller
Verisure and the Business Customer are joint controllers
To monitor the premises through the Services
Verisure and the Business Customer are joint controllers
To manage alarm triggering events
Verisure is the data controller
To follow up previous alarm triggering events
Verisure is the data controller
To ensure that we meet our legal obligations to previously active customers
Verisure is the data controller
Provision of support to the Business Customers in relation to the Services
To provide customer service and technical support in relation to our Services
Verisure is the data controller
To assist Business Customers in case of an insurance claim or other legal claims
Verisure is the data controller
Verisure is the data controller
Verisure is the data controller
Verisure is the data controller
Training of Verisure’s personnel
Verisure is the data controller
Development of Verisure’s Services
Verisure is the data controller
Provision of Verisure App and MyPages
Verisure is the data controller
To provide and administer the Business Customer’s orders in our online shop
Verisure is the data controller
Verisure is the data controller
Verisure is the data controller
To comply with our legal obligations
Verisure is the data controller
To enable restructurings or mergers of the business
Verisure is the data controller
To protect our legal interests in the event of a dispute
Verisure is the data controller
Collection of Personal Data
The personal data that we process may be provided directly by the data subject or from the data subject’s use of or interaction with our Services. Personal data may also be collected via the Business Customer.
In certain situation, we also collect and/or receive personal data from various companies we work with, such as lead generation companies and customer list providers. Whenever possible, we aim to work with companies based in the United Kingdom or the EU/EEA.
Special category personal data
You may consider it necessary to provide information to Verisure about special requirements in order to receive our services, such as health data (i.e. hearing impairment or physical disability), which are relevant for the efficient management of delivering our alarm monitoring services to you. In such cases, Verisure may have to process this information about your health (e.g. regarding impairment of hearing that prevents you from hearing the siren), or other form of disability. In some cases, there may also be instances where we may have to collect and process this information for other legal requirements.
Such health data is a special category of personal data. This means we must treat it with extra care under applicable data protection requirements.
This special category personal data may be provided by you or indirectly during or following your interactions with us (through e.g., chat, e-mail, text messages, calls to our customer services centre or in person during a maintenance visit recorded by our employees).
Where we process such special category personal data we will do so, based on the following legal basis and purposes where:
it is necessary to protect your, or someone else’s, vital interests:
we reasonably believe that you or another person are at risk of harm (if we do not process the data about you) and the processing is necessary to protect you or them from harm or to protect physical, mental or emotional well-being;
we reasonably believe it is necessary to protect the economic well-being of you or another person, where you or that person is less able to protect your own economic well-being by reason of physical or mental injury, illness or disability;
it is necessary for the prevention or detection of an unlawful act;
we need to carry out our obligations or rights in connection with employment, for example where we need to protect our staff members from harm.
we may also collect such data where we have your consent to do so.
Retention of Personal Data
We will only process personal data for the period set out in this Privacy Notice (see section 3).
When we no longer need to process the personal data for the pre-identified purposes or a retention period for the personal data lapses, we will delete it from our systems, databases and backups.
With Whom Do We Share Your Personal Data
Verisure may share personal data with trusted third parties if such sharing is necessary either based on Verisure’s legitimate interest or a legal obligation. Sharing of personal data may also be necessary for us to perform our contractual obligations towards our Business Customers.
Personal data may be shared with other companies in the Verisure Group or with our partner companies in connection with the provision of our Services, as described in the table below. Each recipient of your personal data is subject to corresponding legal or contractual obligations to those obligations which apply to Verisure, including an obligation to process your personal data securely and in accordance with applicable data protection legislation.
We may share your data with:
Categories of personal data that are shared:
With whom do we share your personal data:
Customer experience providers such as Amazon Cloud Cam which provide us with storage services.
Contact details, such as name, telephone number, postal address and e-mail address.
Information in the alarm log , such as information about when the Services are activated and de-activated and any communications between you and Verisure in the context of management of alarm triggering events.Multimedia service providers such as YouTube, LLC and Vimeo Inc., to the extent that you interact with videos hosted by them on the Verisure App.
Information that the mobile device has accessed the corresponding page.
Service providers such as KKC Ltd who process personal data in order to provide requested services.
Contact details, such as name, telephone number, postal address and e-mail address.
Telephone service providers such as Inconcert, who provide services connected to our contact with individuals by phone.
Personal data provided through calls with Verisure.
Partners such as business introducers and online sales sites who provide us with sales services.
Contact details, such as name, telephone number, postal address and e-mail address.
Payment data, such as credit and debit card details, bank account number and other information related to payment of the Service.
Information about the Assigned Users of our Services .
Additional personal data provided by the Business Representative in the correspondence with Verisure regarding sales or customer service matters relating to our contractual relationship (through e.g., chat, e-mail, text messages).Cloud infrastructure providers, such as Microsoft, constituting part of the Verisure infrastructure. The processing of personal data is subject to strict technical and organisational security measures.
All categories of personal data except alarm log data.
Financial Services providers to process payments (e.g. iZettle, GoCardless and Accountis Europe Limited), handle claims, collect debts and for advisory.
Contact details, such as name, telephone number, postal address and e-mail address.
Information in the alarm log , such as information about when you activate and de-activate the alarm monitoring system and any communications between you and Verisure in the context of alarm management.Marketing and market research providers such as Medallia, Expedia, Adobe CMS, Kantar, Meta, Google which Verisure works with to conduct marketing activities, market research and customer research.
Your contact details, such as name, telephone number, postal address and e-mail address.
Information in the alarm log , such as information about when you activate and de-activate the alarm monitoring system and any communications between you and Verisure in the context of alarm management.
Information shared with Meta and Google : Verisure only shares encrypted email addresses with these recipients.Private security companies, such as Aura UK Services Limited, process your personal data in order to respond to incidents when Verisure sends security guards to your property.
Your contact details, such as name, telephone number, postal address and e-mail address.
Images and audio in in an alarm situation , such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.
Additional personal data provided by the Business Representative in your correspondence with us (through e.g., phone, chat, e-mail, text messages).Collaboration partners such as insurance companies and leasing companies who may process your personal data for different purposes if you consent to such sharing.
All categories of personal data, subject to your explicit consent.
Authorities or equivalent third parties, such as the police authority or emergency centre, for example in the event of a break-in or accident.
Your contact details, such as name, telephone number, postal address and e-mail address.
Images and audio in in an alarm situation , such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.
Additional personal data provided by the Business Representative in your correspondence with us (through e.g., chat, e-mail, text messages).The acquirer or other successor in the event of mergers, divestments, restructuring, reorganisation, dissolution and other sale or transfer of Verisure's assets.
All categories of personal data.
Authority or equivalent third party in connection with audits, court proceedings or other similar purposes. The information may be shared for the purposes of complying with legal obligations and protecting our legal interests in the event of a dispute.
All categories of personal data.
Please note that this list may be updated from time to time.
Automated Decision-Making
We do not use automated decision-making.
Where is Your Data Processed?
We aim to always process your personal data in the United Kingdom and the EU/EEA. In some circumstances we may need to transfer your personal data to a country outside of the United Kingdom and the EU/EEA (“Third Country”). In case your personal data is transferred to a Third Country, we will ensure that your personal data will continue to be subject to an essentially equivalent level of protection as in the United Kingdom and the EU/EEA.
Your Rights
As a data controller, we are responsible for ensuring that your personal data is processed in compliance with applicable data protection laws and that you can effectively exercise your rights as a data subject. You may contact us at any time if you wish to exercise your rights. You will find the contact details in the end of this Privacy Notice.
We have an obligation to respond to your requests to exercise your rights within one month from receiving your request. If your request is complex or if we have received many requests, we may extend this deadline by two more months. If we are unable to take the action which you have requested within one month, we will inform you about the reason for the delay and about your right to lodge a complaint to a supervisory authority and to seek a judicial remedy.
You will not be charged for any information, communication or measures that we take to manage and answer to your request. However, if your request is manifestly unfounded or excessive, we may charge an administrative fee for providing the information or taking the action requested or refuse to act on your request altogether.
Your right to access, rectification, erasure and restriction
You have the right to request:
Access to your personal data. This means that you have the right to request access to personal data that we hold about you. You also have the right to be provided, at no cost, information about what personal data we are processing about you. We have the right to charge a reasonable administration fee if you request further copies. If you make a request by electronic means, e.g. via email, we will provide you with the information in commonly used electronic format.
Rectification of your personal data. At your request or on our own initiative, we will correct, anonymise, delete or complete data which we find out is inaccurate, incomplete or misleading. Also, you have the right to request that we correct your personal data if something relevant is missing.
Erasure of your personal data. You have the right to request that we erase your personal data if there is no compelling reason for us to continue processing the personal data. Compelling reasons for us to continue processing may be:
processing is necessary for the right of freedom of expression and information,
processing is necessary to comply with a legal obligation,
processing is necessary for reasons of public interests in the area of public health,
processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or
processing is necessary for the establishment, exercise or defence of legal claims.
Your personal data will be erased if none of the circumstances above are applicable and if:
the personal data is no longer needed for the purpose for which we collected them,
we process your personal data based on your consent and you withdraw your consent,
you object to us processing your personal data which is based on a legitimate interest assessment, and we have no compelling interests that overrides your interests or rights and freedoms,
we have processed your personal data unlawfully or
we have a legal obligation to erase your personal data.
Right to request restriction processing. Right to request restriction of processing means that we temporarily restrict the processing of your data. You have the right to request restriction when:
you consider your data to be inaccurate and you have requested rectification as defined in paragraph 9.2.1 b), while we establish the accuracy of the personal data,
the processing is unlawful, and you do not want the data to be erased,
as the data controller, we no longer need to process the personal data for our processing purposes, but you need your personal data to be able to establish, exercise or defend a legal claim, or
you have objected to processing as defined in paragraph 9.3, while waiting for our assessment of whether our legitimate interests override yours.
You have the right to object to the processing of your personal data if our processing is based upon legitimate interest (see Section 3 above). If you object to such processing, we will only continue to process your personal data if we have compelling reasons for doing so which override your interests or rights and freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.
If you do not wish that we use your personal data for direct marketing purposes, you always have the right to object to such processing by contacting us. We will cease to use your personal data for that purpose when we have received your objection.
If we process your personal data based on your consent as the legal basis, you always have the right to withdraw your consent. You can do this at any time by contacting us. Our contact details are found in the end of this Privacy Notice.
You have right to data portability when we process your personal data
by automated means and when the legal basis for the processing is your consent or performance of a contract.
Right to data portability means that you have the right to receive the personal data we process about you in machine-readable format which allows you to transfer these personal data to another data controller. You may also request us to transfer the personal data directly to another data controller.
You have the right to lodge a complaint with the United Kingdom’s Information Commissioner’s Office if you are not satisfied with our processing of your personal data.The contact details are:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
We Protect Your Personal Data
We are committed to ensuring that you always feel comfortable when providing your personal data to us. We have therefore implemented both technical and organisational security measures, including access restrictions and regular internal controls, to best protect your personal data against, for example, unauthorised access, alteration, or loss. Should a data breach that materially impacts you or your personal data, e.g. entailing risk of fraud or identity theft, occur, we will contact you to explain what has happened and to provide you with advice on how you can mitigate any potential adverse effects of such data breach relevant for you.
Cookies
We use cookies and similar technologies (“Cookies”) on our website and app in order to, inter alia, improve your experience with us and to simplify and adapt our website to your needs and preferences. In our Privacy Notice for Website Visitors , we inform you about how we process your personal data when you visit our website or app. If you would like to know more about our use of cookies, please refer to our Cookie Policy here.
Changes to this Privacy Notice
This Privacy Notice was updated in December 2024.
We reserve the right to change this Privacy Notice at any time. The latest version of the notice will always be available on our website.
When we make changes which are not purely linguistic or editorial, you will be notified about the changes within a reasonable time prior to the changes taking effect. If you do not agree to the changes, you have the right to object to the processing before the changes take effect.
How to Contact Us
Our Data Protection Officer acts as the main point of contact for all matters relating to our Privacy Notice. The Data Protection Officer or the local contact person can be contacted by email at [email protected].
If you have any complaints or questions about how we use your personal data, please do not hesitate to contact us:
Verisure Services (UK) Limited, company registration number 08840095
Postal address: Q12 Quorum Business Park, Benton Lane, Newcastle Upon Tyne, Tyne and Wear, NE12 8BU
E-mail: [email protected]
Website: www.verisure.co.uk
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data of the Business Representative in the context of providing the Business Customer with a quote and to enter into a contract with the Business Customer. | Contact details of the Business Representative such as name, telephone number, postal address, and email address. | The processing is based on Verisure’s legitimate interest to enter into a contract with the Business Customer (Article 6.1.f UK GDPR). | The personal data is retained for the duration of the contractual relationship with the Business Customer and for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data : | Legal basis : | The criteria used to determine retention period : |
---|---|---|---|
We process personal data to administer contracts with our Business Customers, for example to manage the installation profile, the user accounts and to process payments for the Services. | Contact details of the Business Representative and Assigned Users such as name, telephone number, postal address, and email address. | The processing is based on Verisure’s legitimate interest to administrate the contract with the Business Customer (Article 6.1.f UK GDPR). | The personal data is retained for the duration of the contractual relationship with the Business Customer and for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to be able to administer existing customers and reconnect to the installations once the customer relationship is renewed and the equipment needs to be reactivated. | Technical data such as signals as tamper, power restore, periodic test and loose internet connectivity, device/node id number and (past) customer contact details. | The processing is necessary for the commercial legitimate interest of Verisure to enable the device’s reconnection (Article 6.1.f UK GDPR). | The personal data is retained for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
Personal data is collected via Verisure devices to ensure the functioning of the Services as well as to enable detection of alarm triggering events contributing to the safety and security of the Business Customer and individuals present in the monitored premises. | Passive monitoring: | The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and the Business Customer’s legitimate interest to ensure security of their business and employees (Article 6.1.f UK GDPR). | Signals from Verisure devices and usage information are stored for a period of up to 90 days from the alarm triggering event unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to verify the cause of an alarm triggering event. Depending on the type of devices installed, Verisure process images and video recordings of the monitored premises. Image capture and video recording take place without storage. When an alarm is triggered, photos are shot from Verisure installed cameras and transmitted to the Verisure’s Alarm Receiving Centre (“the ARC”). Only certain Verisure employees have access to these images and if there is not alarm trigger, it is not possible for Verisure employees to view the video/images from your camera. In the event of an alarm triggering event, Verisure will record Business Customer’s GPS location to determine whether or not they are at the monitored premises at the time of the alarm. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises. The real-time monitoring during an alarm triggering event may entail that sensitive personal data, such as signs of a natural person’s health condition, appear in the content. | The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and the Business Customer’s legitimate interest to ensure security of their business and employees (Article 6.1.f UK GDPR). | Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We follow up previously managed alarm triggering events by contacting the Business Representative to ensure that the management of the alarm triggering event was as efficient as possible and to receive information which could be relevant for any future alarm triggering events. | All information which is processed for the purpose of managing the alarm triggering event (see purpose 2.2). | The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and to follow-up and ensure as efficient provision of the Services as possible (Article 6.1.f UK GDPR). | Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to maintain our compliance with legal (consumer) obligations. | Past customer contact details as submitted originally for entering into the contract | The processing is necessary for Verisure’s compliance with legal obligations with customers (Article 6.1.c UK GDPR). | The personal data is retained for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data when we provide the support which is requested by the Business Customer relating to the contract, the Services or the technical functioning of the installation. | Depending on the request, any personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to provide support to the Business Customers (Article 6.1.f UK GDPR). | The personal data is retained for the duration of the customer service matter and for a period of up to 90 days unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
To be able to provide the Business Customer with relevant information in case of insurance or other legal claims, we store personal data and the Business Customers’ requests in an archive with appropriate access restrictions. | Personal data collected during an on-going alarm triggering event , such as pictures, video, and audio from the monitored premises. | The processing is based on the Business Customer’s legitimate interest to have access to necessary information in order to handle insurance claims or other legal claims (Article 6.1.f UK GDPR). | Once we remove the Business Representative’s or other Assigned Users’ personal data from the internal database available to the customer service agents, we maintain the personal data collected during an on-going alarm triggering event with accompanying details in an archive with appropriate access restrictions for a period of time to support customers where evidence is required for insurance or other claims based on what practically is deemed a reasonable timeline for receiving such inquiries from customers and the time needed for insurance companies to handle such claims. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
Depending on the nature of the complaint, we may for example investigate how an alarm triggering event was handled to ensure it was properly conducted. | Depending on the nature of the complaint, any necessary personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to handle and investigate customer complaints (Article 6.1.f UK GDPR). | We maintain the personal data collected during the handling of a complaint for a period of 3 years from the date of settlement or closure of the complaint. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may, when necessary, assist law enforcement or regulators where a legal obligation to provide assistance applies or such cooperation is otherwise motivated and based on a formal and written request for information. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises. | Processing is necessary to comply with a legal obligation (Article 6.1.c UK GDPR) or | For as long as is required under applicable law. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We record incoming calls to our customer service for quality assurance purposes. | Personal data processed for the purposes of (1) managing alarm triggering events (see 2.2), (2) following up alarm triggering events (see 2.3) and (3) handling customer complaints (see 3.3). | The processing is based on Verisure’s legitimate interest to investigate and ensure that the Services have been provided in the correct manner (Article 6.1.f UK GDPR). | The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We record incoming calls to our customer service for the training purposes. | Personal data processed for the purposes of (1) managing alarm triggering events (see 2.2), following up alarm triggering events (see 2.3) and (3) handling customer complaints (see 3.3) in pseudonymised format. | The processing is based on Verisure’s legitimate interest to train its personnel and thus ensure the highest possible level of Service (Article 6.1.f UK GDPR). | The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to further develop our Services, for example by making our devices more precise, improving the customer experience etc. | Personal data processed for the purposes of (1) managing alarm triggering events (see 2.2), following up alarm triggering events (see 2.3) and (3) handling customer complaints (see 3.3) in pseudonymised format. | The processing is based on Verisure’s legitimate interest to develop Verisure’s services thus ensure the highest possible level of Service (Article 6.1.f UK GDPR). | The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to provide certain services online or through mobile devices and to provide information through so-called push messages (e.g., status messages about the alarm system, payment deadlines etc.) to you and your Business Representatives/Assigned Users who have the Verisure App. | Contact details such as name, telephone number, postal address, and email address. | The processing is necessary for the performance of the contract with the Business Customer (Article 6.1.b UK GDPR). | The personal data is retained for the duration of the contractual relationship with the Business Customer and for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We offer online web shop platforms to provide our product assortment for direct sale to business customers. | Account details for placing an order including customer contact details such as name, email address, phone number, password of choice, financial details for payment. | For performance of a contract (Article 6.1.b UK GDPR), as you as a customer agree to our Terms and Conditions to establish the sale of goods. | The account details are maintained for the period of an active customer account and after termination of a customer account in accordance with applicable law in order to meet consumer law obligations applying to our provision of service and queries. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may market our Services to you via email, post, SMS or telephone. Further, we may use customised online advertising to market our Services. If you do not wish to receive direct marketing , you may always object to this by using the “unsubscribe” link in our communications or by contacting us via [email protected]. | Contact details of the Business Representative such as name, telephone number, postal address, and email address. | The processing is based on Verisure’s legitimate interest to market its services to Verisure’s existing Business Representatives (Article 6.1.f UK GDPR). | The personal data is stored and used throughout the contractual relationship and up to 6 months after the contractual relationship ends. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
When may use your data for market and opinion research purposes. In principle, we evaluate the data anonymously for internal purposes. If, exceptionally, surveys are not evaluated anonymously, the data will only be collected with your consent. | Contact details of the Business Representative such as name, telephone number, postal address, email address and IP address. | The processing is based on Verisure’s legitimate interest to promote and improve its products and services, as well as to administer and analyse its marketing strategies (Article 6.1.f UK GDPR). | The personal data is stored and used throughout the contractual relationship and up to 6 months after the contractual relationship ends. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may need to process personal data in order to comply with our legal obligations. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing of personal data is necessary for the performance of Verisure's legal obligations (Article 6.1.c UK GDPR) | The personal data is retained for as long as necessary to comply with the applicable legal obligation. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
In the event that Verisure is restructured, e.g. split into several different businesses, or if a merger occurs, the new company may continue to use your personal data for the same purposes as we have stated in this Privacy Notice, unless you receive different information in connection with the restructuring or merger. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to enable a restructuring process or a merger (Article 6.1.f UK GDPR). | If Verisure ceases to exist through a merger, or in the event of restructuring, we will erase the personal data as long as the retention of such personal data is not required by law. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may need to process your personal data in order to protect our legal interests in the event of a dispute, such as to establish, exercise or defend legal claims. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to protect our legal interests in the event of a dispute (Article 6.1.f UK GDPR). | The personal data is retained for as long as they are needed to establish, exercise or defend a legal claim, in any event, for a maximum of 6 years after the termination of the contract. |
Where you choose to provide health data voluntarily which it is not clear to us obviously falls into any of the categories above, we will discuss with you whether we should retain it and, if necessary (and not for the above purposes) will obtain your consent to future processing of that data.
This paragraph only applies to your special category personal data and should be read in conjunction with our wider privacy notice which governs the collection and processing of all personal data about you. If you need more information on the above, or have any queries, please do not hesitate to contact us.
You are a visitor to a business customer of Verisure
Summary - Privacy Notice for Business Customers’s Data Subjects
If you visit premises with Verisure Services
General information and the scope of this Privacy Notice
Your right to data protection is very important for us at Verisure. We aim to ensure that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation. This Privacy Notice applies to individuals whose personal data is collected through our security alarm monitoring services, devices and cameras used by our Business Customers (“Services”), e.g. if you visit premises where the Services are installed and used.
If you are a Business Customer, please find the applicable Privacy Notice here.
If you are a Residential Customer, please find the applicable Privacy Notice here.
If you visit a residential premises using Verisure Services, please find the applicable Privacy Notice here.
Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation. For certain processing of personal data, the Business Customer is the data controller, either independently or jointly with Verisure. For further information about the Business Customer’s processing of personal data, please refer to the Business Customer’s own privacy notice.
When we are processing personal data as a data controller, we ensure that applicable data protection legislation is always complied with and that we only process your personal data for the purposes described in this Privacy Notice.
If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, namely the United Kingdom’s Information Commissioner’s Office whose contact details are:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
How and why we process your personal data
We only process your personal data if the processing is necessary to fulfil the purposes of the processing described below.
We process your personal data for the following purposes:
Provision of Services
To monitor the premises through the Services
To manage alarm triggering events
To follow up previous alarm triggering events
To ensure that we meet our legal obligations in respect of previously active customers
Provision of support to the Business Customers in relation to the Services
To provide customer service and technical support in relation to our Services
To assist Business Customers in case of an insurance claim or other legal claims
To handle customer complaints
To cooperate with law enforcement or regulators to fight crime, comply with our legal obligations or protect the security of our Business Customers
Development of Verisure’s Services
Quality assurance
Training of Verisure’s personnel
Development of Verisure’s Services
Verisure’s legal interests
To comply with our legal obligations
To enable restructurings or mergers of the business
To protect our legal interests in the event of a dispute
Complete information about how we process your personal data, including information about the applicable legal bases, the recipients of your personal data, international transfers of personal data and the criteria used to determine applicable retention periods is available here.
Your rights
You have the right to be informed about which personal data relating to you we process and what we do with your personal data. You also have the right of access to your personal data. In certain situations you also have the right to have your personal data erased, to request restriction of the processing of your personal data, the right to data portability as well as the right to object to our processing of your personal data. If we process your personal data based on your consent, you always have the right to withdraw your consent. If you believe that we have processed your data in an unlawful manner, you have the right to lodge a complaint to the United Kingdom’s Information Commissioner’s Office.
Contact details
If you have any questions regarding this Privacy Notice, our processing of your personal data or if you wish to exercise your rights, please do not hesitate to contact us:
Verisure Services (UK) Limited, company registration number 08840095
Postal address: Q12 Quorum Business Park, Benton Lane, Newcastle Upon Tyne, Tyne and Wear, NE12 8BU
E-mail: [email protected]
Data Subject Request Form: Click Here
Website: www.verisure.co.uk
Complete Privacy Notice for Business Customers’s Data Subjects
If you visit premises with Verisure Services
Contents
General
Your right to data protection is very important to us at Verisure Services (UK) Limited, reg. no. 08840095 (“Verisure”). We aim at ensuring that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation.
This Privacy Notice applies to individuals whose personal data is collected through our business customer’s (“Business Customer”) security alarm systems and devices provided by Verisure (“Services”), e.g. if you are visiting or working at premises which use the Services.
If you are a Business Customer, Assigned User or Emergency Contact please find the applicable Privacy Notice here.
If you are a Residential Customer, please find the applicable Privacy Notice here.
If you are a visitor of residential premises using Verisure Services, please find the applicable Privacy Notice here.
Data Controller and Data Protection Officer
Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation.
For certain processing of personal data, the Business Customer is the data controller, either independently or jointly with Verisure.
Verisure and the Business Customer are joint controllers for processing of personal data when personal data is collected through the Services and when such personal data is made available to the Business Customer via the Verisure App during an alarm triggering event. The personal data processed in this manner may consist of live streaming or continuous video recording (“CVR”) material (limited to devices which have this functionality), video recordings, pictures or audio from an alarm triggering event. This personal data is available to the Assigned Users automatically and in real time via the Verisure App. Verisure is the designated contact point for the processing of your personal data when Verisure and the Business Customer are joint controllers, including for the exercise of the data subjects’ rights under the UK GDPR (see section 9). You will find our contact details in section 13.
The Business Customer is an independent data controller when the Business Customer is processing personal data for the following purposes:
Self-controlled monitoring functionalities for the Business Customer’s convenience use (not related to an alarm triggering event), such as live streaming, CVR, recording of video, pictures or audio, or use of video doorbell or smart lock.
Business Customer’s management of the Verisure Services such as the provision of access permissions to third parties by the Business Customer (e.g., employees).
Business Customer’s subsequent processing of the personal data outside of the Verisure environment, e.g., sharing of material with law enforcement or an insurance company.
The scope of this Privacy Notice is limited to the processing of personal data for which Verisure is a data controller, either independently or jointly with the Business Customer. For further information about the Business Customer’s processing of personal data, please contact the Business Customer.
We have designated a Data Protection Officer (“Data Protection Officer”), who is responsible for monitoring our processing of personal data to ensure that it is carried out in accordance with applicable legislation.
The Data Protection Officer can be reached via [email protected].
Our Processing of Personal Data
In the tables below you can read more about how we at Verisure process your personal data when you use Verisure Services.
Purposes
To monitor the premises through the Services
Verisure and the Business Customer are joint controllers
To manage alarm triggering events
Verisure is the data controller
To follow up previous alarm triggering events
Verisure is the data controller
To ensure that we meet our legal obligations in respect of previously active customers
Verisure is the data controller
Provision of support to the Customers in relation to the Services
To provide customer service and technical support in relation to our Services
Verisure is the data controller
To assist Customers in case of an insurance or other legal claim
Verisure is the data controller
Verisure is the data controller
Verisure is the data controller
Verisure is the data controller
Training of Verisure’s personnel
Verisure is the data controller
Development of Verisure’s Services
Verisure is the data controller
To comply with our legal obligations
Verisure is the data controller
To enable restructurings or mergers of the business
Verisure is the data controller
To protect our legal interests in the event of a dispute
Verisure is the data controller
Collection of Personal Data
The personal data that we process may be provided directly by the data subject or from the Business Customer.
Retention of Personal Data
We will only process personal data for the period set out in this Privacy Notice (see section 3).
When we no longer need to process the personal data for the pre-identified purposes or a retention period for the personal data lapses, we will delete it from our systems, databases and backups.
With Whom Do We Share Your Personal Data
Verisure may share personal data with trusted third parties if such sharing is necessary either based on Verisure’s legitimate interest or a legal obligation. Sharing of personal data may also be necessary for us to perform our contractual obligations towards our Business Customers.
Personal data may be shared with other companies in the Verisure Group or with our partner companies in connection with the provision of our Services, as described in the table below. Each recipient of your personal data is subject to corresponding legal or contractual obligations to those obligations which apply to Verisure, including an obligation to process your personal data securely and in accordance with applicable data protection legislation.
We may share your data with:
Categories of personal data that are shared:
Telephone service providers such as Inconcert, who provide services connected to our contact with individuals by phone.
Personal data provided through calls with Verisure.
Cloud infrastructure providers, such as Microsoft, constituting part of the Verisure infrastructure. The processing of personal data is subject to strict technical and organisational security measures.
All categories of personal data.
Private security companies, such as Aura UK Services Limited, process your personal data in order to respond to incidents when Verisure sends security guards to your property.
Your contact details, such as name, telephone number, postal address and e-mail address.
Images and audio in in an alarm situation , such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.
Sensitive personal data, such as health data, if provided by the customer for a specific purpose.
Additional personal data provided by you in your correspondence with us (through e.g., phone, chat, e-mail, text messages).Authorities or equivalent third parties, such as the police authority or emergency centre, for example in the event of a break-in or accident.
Your contact details, such as name, telephone number, postal address and e-mail address.
Images and audio in in an alarm situation , such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.
Sensitive personal data, such as health data, if provided by the customer for a specific purpose.
Additional personal data provided by you in your correspondence with us (through e.g., chat, e-mail, text messages).The acquirer or other successor in the event of mergers, divestments, restructuring, reorganization, dissolution and other sale or transfer of Verisure's assets.
All categories of personal data.
Authority or equivalent third party in connection with audits, court proceedings or other similar purposes. The information may be shared for the purposes of complying with legal obligations and protecting our legal interests in the event of a dispute.
All categories of personal data.
Please note that this list may be updated from time to time.
Automated Decision-Making
We do not use automated decision-making.
Where is Your Data Processed?
We aim to always process your personal data in the United Kingdom and the EU/EEA. In some circumstances we may need to transfer your personal data to a country outside of the United Kingdom and the EU/EEA (“Third Country”). In case your personal data is transferred to a Third Country, we will ensure that your personal data will continue to be subject to an essentially equivalent level of protection as in the United Kingdom and the EU/EEA.
Your Rights
Our responsibility for your rights
As a data controller, we are responsible for ensuring that your personal data is processed in compliance with applicable data protection laws and that you can effectively exercise your rights as a data subject. You may contact us at any time if you wish to exercise your rights. You will find the contact details in the end of this Privacy Notice.
We have an obligation to respond to your requests to exercise your rights within one month from receiving your request. If your request is complex or if we have received many requests, we may extend this deadline by two more months. If we are unable to take the action which you have requested within one month, we will inform you about the reason for the delay and about your right to lodge a complaint to a supervisory authority and to seek a judicial remedy.
You will not be charged for any information, communication or measures that we take to manage and answer to your request. However, if your request is manifestly unfounded or excessive, we may charge an administrative fee for providing the information or taking the action requested or refuse to act on your request altogether.
Your right to access, rectification, erasure and restriction
You have the right to request:
Access to your personal data. This means that you have the right to request access to personal data that we hold about you. You also have the right to be provided, at no cost, information about what personal data we are processing about you. We have the right to charge a reasonable administration fee if you request further copies. If you make a request by electronic means, e.g. via email, we will provide you with the information in commonly used electronic format.
Rectification of your personal data. At your request or on our own initiative, we will correct, anonymise, delete or complete data which we find out is inaccurate, incomplete or misleading. Also, you have the right to request that we correct your personal data if something relevant is missing.
Erasure of your personal data. You have the right to request that we erase your personal data if there is no compelling reason for us to continue processing the personal data. Compelling reasons for us to continue processing may be:
processing is necessary for the right of freedom of expression and information,
processing is necessary to comply with a legal obligation,
processing is necessary for reasons of public interests in the area of public health,
processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or
processing is necessary for the establishment, exercise or defence of legal claims.
Your personal data will be erased if none of the circumstances above are applicable and if
the personal data is no longer needed for the purpose for which we collected them,
we process your personal data based on your consent and you withdraw your consent,
you object to us processing your personal data which is based on a legitimate interest assessment, and we have no compelling interests that overrides your interests or rights and freedoms,
we have processed your personal data unlawfully or
we have a legal obligation to erase your personal data.
Right to request restriction processing. Right to request restriction of processing means that we temporarily restrict the processing of your data. You have the right to request restriction when:
you consider your data to be inaccurate and you have requested rectification as defined in paragraph 9.2.1 b), while we establish the accuracy of the personal data,
the processing is unlawful, and you do not want the data to be erased,
as the data controller, we no longer need to process the personal data for our processing purposes, but you need your personal data to be able to establish, exercise or defend a legal claim, or
you have objected to processing as defined in paragraph 9.3, while waiting for our assessment of whether our legitimate interests override yours.
We will take all reasonable measures possible to notify everyone who has received personal data as stated in Section 6 above if we have rectified, erased or restricted access to your personal data after you have requested us to do so. At your request, we will provide you with more information about the recipients of your personal data.
You have the right to object to the processing of your personal data if our processing is based upon legitimate interest (see Section 3 above). If you object to such processing, we will only continue to process your personal data if we have compelling reasons for doing so which override your interests or rights and freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.
If you do not wish that we use your personal data for direct marketing purposes, you always have the right to object to such processing by contacting us . We will cease to use your personal data for that purpose when we have received your objection.
If we process your personal data based on your consent as the legal basis, you always have the right to withdraw your consent. You can do this at any time by contacting us. Our contact details are found in the end of this Privacy Notice.
You have right to data portability when we process your personal data by automated means and when the legal basis for the processing is your consent or performance of a contract.
Right to data portability means that you have the right to receive the personal data we process about you in machine-readable format which allows you to transfer these personal data to another data controller. You may also request us to transfer the personal data directly to another data controller.
You have the right to lodge a complaint with the United Kingdom’s Information Commissioner’s Office if you are not satisfied with our processing of your personal data. The contact details are:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
We Protect Your Personal Data
We are committed to ensuring that you always feel comfortable when providing your personal data to us. We have therefore implemented both technical and organisational security measures, including access restrictions and regular internal controls, to best protect your personal data against, for example, unauthorised access, alteration, or loss. Should a data breach that materially impacts you or your personal data, e.g. entailing risk of fraud or identity theft, occur, we will contact you to explain what has happened and to provide you with advice on how you can mitigate any potential adverse effects of such data breach relevant for you.
Changes to this Privacy Notice
This Privacy Notice was updated in June 2024.
We reserve the right to change this Privacy Notice at any time. The latest version of the notice will always be available on our website.
When we make changes which are not purely linguistic or editorial, you will be notified about the changes within a reasonable time prior to the changes taking effect. If you do not agree to the changes, you have the right to object to the processing before the changes take effect.
How to Contact Us
Our Data Protection Officer acts as the main point of contact for all matters relating to our Privacy Notice. The Data Protection Officer or the local contact person can be contacted by email at [email protected].
If you have any complaints or questions about how we use your personal data, please do not hesitate to contact us:
Verisure Services (UK) Limited, company registration number 08840095
Postal address: Q12 Quorum Business Park, Benton Lane, Newcastle Upon Tyne, Tyne and Wear, NE12 8BU
E-mail: [email protected]
Website: www.verisure.co.uk
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
Personal data is collected via Verisure devices to ensure the functioning of the Services as well as to enable detection of alarm triggering events contributing to the security of the Business Customer and the safety of the individuals in the monitored premises. | P ersonal data collected during an on-going alarm triggering event , such as pictures, video, and audio from the monitored premises. | The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and the Business Customer’s legitimate interest to ensure security of their premises (Article 6.1.f UK GDPR). | Personal data collected during an on-going alarm triggering event are stored for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to verify the cause of an alarm triggering event. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises. The real-time monitoring during an alarm triggering event may entail that sensitive personal data such as signs of a natural person’s health condition appear in the content. | The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and the Business Customer’s legitimate interest to ensure security of their premises (Article 6.1.f UK GDPR). | Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We follow up previously managed alarm triggering events by contacting the Business Customer to ensure that the management of the alarm triggering event was as efficient as possible and to receive information which could be relevant for any future alarm triggering events. | Personal data collected during an on-going alarm triggering event , such as pictures, video, and audio from the monitored premises. | The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and to follow-up and ensure as efficient provision of the Services as possible (Article 6.1.f UK GDPR). | Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to maintain our compliance with legal (consumer) obligations. | Past customer contact details as submitted originally for entering into the contract | The processing is necessary for Verisure’s compliance with legal obligations with customers (Article 6.1.c UK GDPR). | The personal data is retained for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data when we provide the support which is requested by the Business Customer relating to the contract, the Services or the technical functioning of the installation. | Personal data collected during an on-going alarm triggering event , such as pictures, video, and audio from the monitored premises. | The processing is based on Verisure’s legitimate interest to provide support to the Business Customers (Article 6.1.f UK GDPR). | The personal data is retained for the duration of the customer service matter and for a period of up to 90 days unless the data is required under sub-section 4.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
To be able to provide the Business Customer with relevant information in case of insurance or other legal claims, we store personal data and the Business Customers’ requests in an archive with appropriate access restrictions. | Personal data collected during an on-going alarm triggering event , such as pictures, video, and audio from the monitored premises. | The processing is based on the Business Customer’s legitimate interest to have access to necessary information in order to handle insurance claims or other legal claims (Article 6.1.f UK GDPR). | Once we remove the Business Customer’s personal data from the internal database available to the customer service agents, we maintain the personal data collected during an on-going alarm triggering event with accompanying details in an archive with appropriate access restrictions for a period of time to support customers where evidence is required for insurance or other claims based on what practically is deemed a reasonable timeline for receiving such inquiries from customers and the time needed for insurance companies to handle such claims. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
Depending on the nature of the complaint, we may for example investigate how an alarm triggering event was handled to ensure it was properly conducted. | Personal data collected during an on-going alarm triggering event , such as pictures, video, and audio from the monitored premises. | The processing is based on Verisure’s legitimate interest to handle and investigate customer complaints (Article 6.1.f UK GDPR). | We maintain the personal data collected during the handling of a complaint for a period of 3 years from the date of settlement or closure of the complaint. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may, when necessary, assist law enforcement or regulators in case a legal obligation to provide assistance applies or such cooperation is otherwise motivated and based on a formal and written request for information. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises. | Processing is necessary to comply with a legal obligation (Article 6.1.c UK GDPR) or | For as long as is required under applicable law. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We perform analyses of previous alarm triggering events to ensure efficient and correct management of alarm triggering events. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises. | The processing is based on Verisure’s legitimate interest to investigate and ensure that the Services have been provided in the correct manner (Article 6.1.f UK GDPR). | The personal data is processed for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We perform analyses of previous alarm triggering events to ensure efficient and correct management of alarm triggering events. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises in strongly pseudonymised format. | The processing is based on Verisure’s legitimate interest to train its personnel and thus ensure the highest possible level of Service (Article 6.1.f UK GDPR). | The personal data is processed for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to further develop our Services, for example by making our devices more precise, improving the customer experience etc. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises in strongly pseudonymised format. | The processing is based on Verisure’s legitimate interest to develop their Services and thus ensure the highest possible level of Service (Article 6.1.f UK GDPR). | The personal data is processed for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may need to process personal data in order to comply with our legal obligations. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing of personal data is necessary for the performance of Verisure's legal obligations (Article 6.1.c UK GDPR) | The personal data is retained for as long as necessary to comply with the applicable legal obligation. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
In the event that Verisure is restructured, e.g. split into several different businesses, or if a merger occurs, the new company may continue to use the personal data for the same purposes as we have stated in this Privacy Notice, unless you receive different information in connection with the restructuring or merger. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to enable a restructuring process or a merger (Article 6.1.f UK GDPR). | If Verisure ceases to exist through a merger, or in the event of restructuring, we will erase the personal data as long as the retention of such personal data is not required by law. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may need to process your personal data in order to protect our legal interests in the event of a dispute, such as to establish, exercise or defend legal claims. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to protect our legal interests in the event of a dispute (Article 6.1.f UK GDPR). | The personal data is retained for as long as they are needed to establish, exercise, or defend a legal claim, in any event, for a maximum of 6 years after the termination of the contract. |
Camera Guidance for Business Customers
This guidance will help you to understand what you need to do if you are considering installing, or have already installed, a Verisure camera system at your place of business.
The information in this document is intended to be helpful and practical guidance on generic, common-sense approaches to the installation and use of Verisure alarm system cameras. It is not intended to be legal advice nor a comprehensive explanation of applicable laws and regulations. If readers require specific advice, they should contact a legal professional.
Verisure Camera Systems
Whilst Verisure is able to use the camera system to verify and respond to an alarm signal, you as a business owner are otherwise responsible for using the camera system in a manner which does not infringe applicable laws and regulations. This guidance is intended to help you understand the potential implications of your use of the camera system at a place of business. As use of the camera system involves the processing of images, videos and voices, it is important that you bear in mind that camera, data protection and labour laws may apply.
Laws and Regulations
The following legislation may apply:
Camera surveillance laws and national rules on the operation of cameras. These may contain obligations regarding notification or registration of camera systems, appropriate positioning and notices required in the monitored premises.
Data protection laws, primarily the General Data Protection Regulation (GDPR), which regulate the processing (i.e. all types of action) of personal data. The GDPR may be complemented by national legislation. These laws aim to protect individuals’ right to privacy. As the operator of the camera system, you fall within the definition of a "controller" with respect to the processing of personal data due to the use of the camera system. You are therefore responsible for ensuring that the personal data of individuals captured by the camera system is processed in a compliant way and with due consideration for the privacy of the individuals concerned.
Labour laws or collective agreements, which may include provisions regarding monitoring of employees.
Your Responsibilities
Find out about requirements for a license, registration, or other obligations
In certain instances, video monitoring may only be lawful if you have obtained a valid license or have duly registered the camera system. Additionally, labour laws or collective agreements may impose certain prerequisites that must be met prior to the initiation of video monitoring. Thus, it is essential that you ensure whether any such requirements or obligations are applicable to you prior to the installation of a camera system.
Consider if you have a lawful basis to monitor individuals
The monitoring of individuals entails an invasion of their privacy. Accordingly, any installation of a camera system must be undertaken with due consideration for the privacy rights of such individuals.
You must be able to demonstrate a lawful basis for the operation of the camera system. To achieve this, a distinct purpose for the video monitoring must be established. The mere act of surveillance does not constitute a sufficiently specific purpose, whereas for instance, the prevention of criminal activity or accidents may qualify as such.
A lawful basis that is commonly used in a business context is legitimate interest. For a legitimate interest you must demonstrate that your interest in monitoring certain individuals outweighs their interest in not being monitored.
For instance, an interest in averting criminal activity or accidents may constitute a legitimate interest, provided that the risk of such activities is so significant that the interest in their prevention supersedes the interest of the individuals’ right to privacy. Prior to making this decision, relevant factors such as the nature and frequency of past crimes committed in the area, the severity and consequences of criminal activity, and temporal patterns of criminality should be carefully considered to determine the scope of the monitoring. The scope of the monitoring must be limited to what is necessary to achieve the intended purpose.
Monitoring employees
As a general rule, in order for employee monitoring to be considered legally permissible, the interest of the employer in conducting such monitoring must be of a greater magnitude than the interest of the employee in avoiding such monitoring. This implies that the employer's interest in monitoring should be significant and justified by a legitimate interest, while the employees' interest in not being monitored may be outweighed by this interest. Therefore, the employer should be able to demonstrate that the monitoring is necessary and proportional to the legitimate purpose it serves, and that alternative means of achieving the same purpose are not feasible.
When planning the scope of the camera system, at least the following factors should be taken into consideration:
What is the purpose of the video monitoring?
Is it necessary to monitor the employees or could the purpose be achieved through alternative methods?
How long will the monitoring take place?
How extensive is the area that is being monitored?
How sensitive is the area that is being monitored from a privacy perspective (e.g., bathrooms, lunchrooms, and dressing rooms are most likely prohibited)?
Who has access to images, recordings and audio?
The scope of the camera system should be designed to limit the invasion on the employees’ privacy as much as possible.
In general, it is not considered legitimate to monitor employees to evaluate their work performance. However, monitoring for the purpose of preventing accidents in a potentially hazardous area may be considered a legitimate interest.
Ensure that you are aware of any specific obligations concerning monitoring of employees. Examples of specific obligations could include an obligation to negotiate with the trade union regarding video monitoring measures or an obligation to ensure that personnel having access to the content of the camera system is strictly limited and subjected to a confidentiality agreement. Under certain circumstances, it may be unlawful or prohibited to conduct monitoring of employees.
Installation and positioning of cameras
Our security experts will recommend areas to be monitored, the position of the camera system and how to install cameras in a way that also helps you avoid capturing areas outside your business setting.
They are happy to provide this support based on their experience from advising other customers in similar situations as part of setting up camera systems. However, as you have actual control of the equipment, you are ultimately responsible for ensuring that the equipment is positioned appropriately and that it respects other people’s right to privacy. We strongly recommend that once the system has been installed by our security experts, you do not change the location, placement, or field of view of any of the cameras.
If you are installing or repositioning cameras yourself, here are some principles to bear in mind:
Do not capture outside public areas (e.g. streets and pavements, public parks or parking areas and communal bin collection areas) or someone else’s premises . Some cameras have settings that allow you to mask certain areas in view which can help with avoiding areas outside your premises.
Do not capture indoor public areas within your business (café and restaurant areas, seating areas, counters, bars, etc.) where they are used for recovery, regeneration, and leisure activities as well as in places where individuals stay and/or communicate. Some cameras have settings that allow you to mask certain areas in view which can help with avoiding these areas within your premises. Note, it will still likely be acceptable to monitor entrance and exit areas, corridors and stairways as well as risk areas such as front of cashiers, coat hangers/lockers etc. If just protecting these areas are not effective to protect against break-ins, cameras may be operated at the above-mentioned locations outside opening hours.
Think about the problem you are trying to tackle. It will usually be to safeguard you and your property against crime. If this is the case, only place cameras in areas where you are concerned about a safety or security risk (e.g. potentially vulnerable areas).
Avoid placing cameras in sensitive areas, such as bedrooms, toilets or similar locations where people have high expectations of privacy.
Take particular care to avoid any areas where children or vulnerable adults might be captured by the camera . Vulnerable people are specifically protected under privacy laws.
Consider informing your neighbours what you are installing and listen to any objections or concerns they may have. Ensure that you don’t breach any laws or other rules such as a housing association’s rules or code of conduct.
Capturing audio
Some devices in the camera system may allow you to turn on an audio capture functionality. Typically, the audio capture is turned off by default, but it is possible for you to turn it on. Before turning on the audio capture functionality, you should make sure that this is allowed under applicable laws and regulations. Silently listening in on other people’s conversations through devices may be considered covert surveillance and thus breach laws, including individuals’ right to privacy.
Inform the individuals who are captured by the camera system – Information and signage
You must provide clear and transparent information regarding the camera system to people (e.g. customers, employees and visitors) who may be captured by it. This information should be communicated through clear signage and refer to a privacy notice that contains more comprehensive information, in accordance with the information requirements of the GDPR.
If the camera system has an impact on employees who work in the monitored area, you must also directly and comprehensively explain to them how the system operates.
In addition to being able to answer questions from your customers, employees and visitors about the monitoring, you should set up clear signage providing the most important information about the monitoring. Verisure will provide appropriate signage to you during installation.
The signage should be visible to people before they enter the monitored area.
Multiple signs may be required if you have several entrances and multiple monitored areas.
Your privacy notice ought to be readily available to anyone requesting further information about the monitoring. Your privacy notice should include comprehensive details regarding the intended use, storage, and sharing of any personal data captured by the system, as well as the legal rights of individuals under the GDPR.
This notice can be made available online, and/or maintained in a visible location, such as at a front desk or with a cashier in a shop.
It should also clearly articulate that Verisure may access the content for verification purposes if an alarm is triggered. Below is an example of text that may be used to explain how and when Verisure may process such data in the privacy notice:
“In case an alarm is triggered with the Verisure alarm system, video, pictures and sound can be sent to Verisure’s Alarm Receiving Centre. Such data is processed by Verisure only to the extent that it is strictly necessary to verify an alarm event and manage ongoing incidents. Verisure acts as a controller for this data and you can read more about Verisure’s alarm monitoring practices in their privacy notice which is accessible at this site: www.verisure.co.uk/privacy-notice”
Viewing content
The camera system includes a “remote access” functionality which, depending on the camera type, allows you to capture and view images on your phone or computer (e.g. via My Verisure App or Arlo App).
It is important that you use these features selectively, where there is a genuine need to look back at the image, e.g. where you are concerned that there has been a security incident at the premises which you would like to review or investigate further. You should not use these features to, e.g. monitor an individual or their behaviour. You are responsible for ensuring that your use of the functionality does not breach any applicable laws or regulations.
Sharing content
It is also possible for you to download and share your content, but it is important that you are careful when sharing images and videos of other people. Even when the content is captured in legitimate circumstances, sharing it could violate other people’s right to privacy.
You should only share images with others where you are comfortable that disclosure is necessary and appropriate and will not cause embarrassment or harm to anyone captured in the images.
Be particularly careful about sharing images in any public or semi-public environment, e.g. on the internet or social media.
We recommend that you do not post images on these platforms unless you have explicit consent from each of the individuals in the images.
Plan how the camera system is to be used in a manner that respects privacy
The video monitoring ought to be carefully planned in a manner that minimizes the invasion of the privacy of the individuals who are captured by the camera system. The following considerations should be taken into account, at a minimum:
Determine the areas in which the video monitoring is required and the reasons why it is necessary.
Consider which functions of the camera system are essential in relation to the defined purpose. For instance, recording of sound may not be essential for the prevention of crime.
Adopt internal policies for your business that explicitly state that the material obtained from the camera system shall not be used for any other purpose than the one for which the video monitoring was installed initially.
Ensure that you have the knowledge and capability to handle recordings in case, for instance, a criminal offence is detected.
Make necessary assessments
It may be necessary for you, as a data controller, to prepare a documented risk assessment concerning the video monitoring prior to the installation and utilization of the system. This is required to establish that you have made a knowledgeable decision regarding the reasons for which the system has been installed, the manner in which it is utilised, and the necessity and appropriateness of capturing and utilizing data from the camera system. In particular, a privacy risk assessment is of utmost significance if the video monitoring captures vulnerable individuals who are obliged to spend time in a monitored area, such as children or employees.
Ensure the security of the camera system
While Verisure is responsible for ensuring the technical security and integrity of the camera system, you are responsible for ensuring that the camera system is secure from an organisational perspective, i.e. by determining who is authorised to access and use the camera system. You should take several aspects into account, including:
Only individuals who require access to the material from the camera system should be authorised.
Consider the circumstances under which recorded material can be shared.
Determine whether you are capable of detecting and managing data breaches, such as when an authorised individual uses the camera system in an unauthorised manner.
Ensure that you are able to accommodate individuals’ requests to exercise their legal rights
Individuals whose personal data, e.g. images, are captured by the camera system have rights under the GDPR. It is important to establish procedures to address any requests from individuals to exercise their rights within one month of receiving such requests.
For more information about the rights of data subjects, please visit the United Kingdom’s Information Commissioner’s Office’s website at www.ico.org.uk.
In case of an alarm (Verisure access to the camera system)
If the alarm system triggers an alarm, Verisure’s Alarm Receiving Centre (ARC) will have access to some of the devices in the camera system and to content which the system has automatically captured. Verisure’s access is limited to what is strictly necessary for our ARC to verify and respond to the alarm event. The ARC follows strict protocols and security measures when accessing the content from the camera system. This may involve sharing camera images with law enforcement, emergency services and/or guard services.
In certain jurisdictions, Verisure also provides monitoring functionalities specifically for alarm events through your phone or computer . These functionalities may encompass various features such as live view streaming, continuous video recording, and the capability to record video, photos, and audio. Verisure’s involvement in this processing activity is limited to the initial stages, when personal data is transmitted from Verisure to your phone or computer (e.g. through My Verisure App or Arlo App. Hence, it is important to emphasize that Verisure and the customer are joint controllers for such processing. However, Verisure does not exercise control or influence over any potential subsequent stages of data processing. For instance, if you choose to download material for additional purposes, such as filing a police report or an insurance claim, you are the sole controller and assume full responsibility for such data processing activities.
You are a residential customer of Verisure
Summary - Privacy Notice for Residential Customers
General information and the scope of this Privacy Notice
Your right to data protection is very important for us at Verisure. We aim to ensure that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”)is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation. This Privacy Notice applies to our residential customers (“Residential Customers”) and, when applicable, the individuals assigned by our residential customers (“ Assigned Users ”) who use our services, including our products provided for the delivery of our security alarm monitoring services, devices and cameras (“Services”) as well as emergency contact persons assigned by the Residential Customer (“Emergency Contact”).
If you are a Business Customer, please find the applicable Privacy Notice here.
If you visit a residential premises using Verisure Services, please find the applicable Privacy Notice here.
If you visit a business premises using Verisure Services, please find the applicable Privacy Notice here.
Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation. For certain processing of personal data, the Residential Customer is the data controller, either independently or jointly with Verisure.
When we are processing personal data as a data controller, we ensure that applicable data protection legislation is always complied with and that we only process your personal data for the purposes described in this Privacy Notice.
For more information about the Services which you have chosen to use and the functionality of those Services, please refer to Verisure's General Terms and Conditions, Terms of Service as well as available instructions and manuals, available upon request.
How and why we process your personal data
We only process your personal data if the processing is necessary to fulfil the purposes of the processing described below.
We process your personal data for the following purposes:
Establishment and maintenance of the customer relationship
To enter into a contract with you
To perform credit checks prior to entering into contract with a Residential Customer
To administer the contract with the Residential Customer, including payments for Services
To administer and enable the existing and returning customer relationship with the utmost care
Provision of Services
To monitor the premises through the Services
To manage alarm triggering events
To follow up previous alarm triggering events
To ensure that we meet our legal obligations to previously active customers
Provision of support to the Residential Customers in relation to the Services
To provide customer service and technical support in relation to our Services
To assist Residential Customers in case of an insurance claim or other legal claims
To handle customer complaints
To cooperate with law enforcement or regulators to fight crime, comply with our legal obligations or protect the safety of our Residential Customers
Development of Verisure’s Services
Quality assurance
Training of Verisure’s personnel
Development of Verisure’s Services
Provision of Verisure App and MyPages
Provision of the Verisure web shop
To provide and administer your orders in our online shop
Marketing and analytics
To market our Services
To administer and analyse our campaigns, promotions, referral programmes, etc. or perform marketing analysis
Verisure’s legal interests
To comply with our legal obligations
To enable restructurings or mergers of the business
To protect our legal interests in the event of a dispute
Complete information about how we process your personal data, including information about the applicable legal bases, the recipients of your personal data, international transfers of personal data and the criteria used to determine applicable retention periods is available here.
Your rights
You have the right to be informed about which personal data relating to you we process and what we do with your personal data. You also have the right of access to your personal data. In certain situations you also have the right to have your personal data erased, to request restriction of the processing of your personal data, the right to data portability as well as the right to object to our processing of your personal data. If we process your personal data based on your consent, you always have the right to withdraw your consent. If you believe that we have processed your data in an unlawful manner, you have the right to lodge a complaint to the United Kingdom’s Information Commissioner’s Office whose contact details are:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113.
Contact details
If you have any questions regarding this Privacy Notice, our processing of your personal data or if you wish to exercise your rights, please do not hesitate to contact us:
Verisure Services (UK) Limited, company registration number 08840095
Postal address: Q12 Quorum Business Park, Benton Lane, Newcastle Upon Tyne, Tyne and Wear, NE12 8BU
E-mail: [email protected]
Data Subject Request Form: Click Here
Website: www.verisure.co.uk
Complete Privacy Notice for Residential Customers
If you are a Residential Customer, Assigned User or Emergency Contact
Contents
General
Your right to data protection is very important to us at Verisure Services (UK) Limited, reg. no. 08840095 (“Verisure”). We aim at ensuring that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation.
This Privacy Notice applies to our residential customers (“Residential Customers”) and the individuals assigned by our residential customers (“Assigned Users”), such as household members, who use our services, including our products provided for the delivery of our security alarm monitoring services, devices and cameras (“Services”). If the Residential Customer designates contact persons who may be contacted in case of an alarm triggering event (“Emergency Contact”), we also process the personal data of such Emergency Contacts. Residential Customers must ensure that their designated Assigned Users and Emergency Contacts have consented to their personal data being used for this purpose by Verisure.
You, as a Residential Customer, are asked to ensure that you share this Privacy Notice with your Assigned Users and Emergency Contacts.
If you are a Business Customer, please find the applicable Privacy Notice here.
If you are a visitor of residential premises using Verisure Services, please find the applicable Privacy Notice here.
If you are a visitor of business premises using Verisure Services, please find the applicable Privacy Notice here.
For more detailed information about the Services which you have chosen to use and their functionality, please refer to Verisure's general terms and conditions, terms of service, instructions and manuals, available upon request.
Data Controller and Data Protection Officer
Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation.
For certain processing of personal data, the Residential Customer is the data controller, either independently or jointly with Verisure.
Verisure and the Residential Customer are joint controllers for processing of personal data when personal data is collected through the Services and when such personal data is made available to the Residential Customer via the Verisure App during an alarm triggering event. The personal data processed in this manner may consist of live streaming or continuous video recording (“CVR”) material (limited to devices which have this functionality), video recordings, pictures or audio from an alarm triggering event. This personal data is available to the Assigned Users automatically and in real time via the Verisure App. Verisure is the designated contact point for the processing of your personal data when Verisure and the Residential Customer are joint controller, including for the exercise of the data subjects’ rights under the UK GDPR (see section 9). You will find our contact details in section 13.
The Residential Customer is an independent data controller when the Residential Customer is processing personal data for the following purposes:
Self-controlled monitoring functionalities for the Residential Customer’s convenience use (not related to an alarm triggering event), such as live streaming, CVR, recording of video, pictures or audio, or use of video doorbell or smart lock.
Personal management of the Verisure Services such as the provision of access permissions to third parties by the Residential Customer (e.g., a cleaner, Airbnb guests or neighbours).
Residential Customer’s subsequent processing of the personal data outside of the Verisure environment, e.g., sharing of material with law enforcement or an insurance company.
The scope of this Privacy Notice is limited to the processing of personal data for which Verisure is a data controller, either independently or jointly with the Residential Customer. As a condition of installing the Verisure products/devices and making use of the Services, the Residential Customer must take time to familiarise themselves with applicable data protection legislation and comply with any legal responsibilities placed on them as a controller under those laws. In particular, the obligations relating to: the careful placement of devices to avoid excessive, unfair or unlawful capture of image data; the use of image data in a proportionate, fair manner and for lawful purposes; the installation of signage to ensure individuals entering the location of the monitored premises are aware that the Services are in operation; and the lawful use of image data relating to other individuals. For further information about the Residential Customer’s processing of personal data, please contact the Residential Customer.
We have designated a Data Protection Officer (“ Data Protection Officer ”), who is responsible for monitoring our processing of personal data to ensure that it is carried out in accordance with applicable legislation.
The Data Protection Officer can be reached via [email protected].
Our Processing of Personal Data
In the tables below you can read more about how we at Verisure process your personal data when you use Verisure Services.
Purposes
To enter into a contract with you
Verisure is the data controller
To perform credit checks prior to entering into contract with a Residential Customer
Only if you choose credit payment
To administer the contract with the Residential Customer, including payments for Services
Verisure is the data controller
To administer and enable the existing and returning customer relationship with the utmost care
Verisure is the data controller
To monitor the premises through the Services
Verisure and the Residential Customer are joint controllers
To manage alarm triggering events
Verisure is the data controller
To follow up previous alarm triggering events
Verisure is the data controller
To ensure that we meet our legal obligations in respect to previously active customers
Verisure is the data controller
Provision of support to the Residential Customers in relation to the Services
To provide customer service and technical support in relation to our Services
Verisure is the data controller
To assist Customers in case of an insurance claim or other legal claims
Verisure is the data controller
Verisure is the data controller
Verisure is the data controller
Verisure is the data controller
Training of Verisure’s personnel
Verisure is the data controller
Development of Verisure’s Services
Verisure is the data controller
Verisure is the data controller
To comply with our legal obligations
Verisure is the data controller
To enable restructurings or mergers of the business
Verisure is the data controller
To protect our legal interests in the event of a dispute
Verisure is the data controller
Collection of Personal Data
The personal data that we process may be provided directly by the data subject or from the data subject’s use of or interaction with our Services.
In certain situation, we also collect and/or receive personal data from various companies we work with, such as lead generation companies and customer list providers. Whenever possible, we aim to work with companies based in the United Kingdom or the EU/EEA.
Special category personal data
You may consider it necessary to provide information to Verisure about special requirements in order to receive our services, such as health data (i.e. hearing impairment or physical disability), which are relevant for the efficient management of delivering our alarm monitoring services to you. In such cases, Verisure may have to process this information about your health (e.g. regarding impairment of hearing that prevents you from hearing the siren), or other form of disability. In some cases, there may also be instances where we may have to collect and process this information for other legal requirements.
Such health data is a special category of personal data. This means we must treat it with extra care under applicable data protection requirements.
This special category personal data may be provided by you or indirectly during or following your interactions with us (through e.g., chat, e-mail, text messages, calls to our customer services centre or in person during a maintenance visit recorded by our employees).
Where we process such special category personal data we will do so, based on the following legal basis and purposes where:
it is necessary to protect your, or someone else’s, vital interests:
we reasonably believe that you or another person are at risk of harm (if we do not process the data about you) and the processing is necessary to protect you or them from harm or to protect physical, mental or emotional well-being;
we reasonably believe it is necessary to protect the economic well-being of you or another person, where you or that person is less able to protect your own economic well-being by reason of physical or mental injury, illness or disability;
it is necessary for the prevention or detection of an unlawful act;
we need to carry out our obligations or rights in connection with employment, for example where we need to protect our staff members from harm.
we may also collect such data where we have your consent to do so.
Retention of Personal Data
We will only process personal data for the period set out in this Privacy Notice (see section 3).
When we no longer need to process the personal data for the pre-identified purposes or a retention period for the personal data lapses, we will delete it from our systems, databases and backups.
With Whom Do We Share Your Personal Data
Verisure may share personal data with trusted third parties if such sharing is necessary either based on Verisure’s legitimate interest or a legal obligation. Sharing of personal data may also be necessary for us to perform our contractual obligations towards our Residential Customers.
Personal data may be shared with other companies in the Verisure Group or with our partner companies in connection with the provision of our Services, as described in the table below. Each recipient of your personal data is subject to corresponding legal or contractual obligations to those obligations which apply to Verisure, including an obligation to process your personal data securely and in accordance with applicable data protection legislation.
Please note that this list may be updated from time to time.
Automated Decision-Making
We do not use automated decision-making.
Where is Your Data Processed
We aim to always process your personal data in the United Kingdom and the EU/EEA. In some circumstances we may need to transfer your personal data to a country outside of the United Kingdom and the EU/EEA (“Third Country”). In case your personal data is transferred to a Third Country, we will ensure that your personal data will continue to be subject to an essentially equivalent level of protection as in the United Kingdom and the EU/EEA.
Your Rights
As a data controller, we are responsible for ensuring that your personal data is processed in compliance with applicable data protection laws and that you can effectively exercise your rights as a data subject. You may contact us at any time if you wish to exercise your rights. You will find the contact details in the end of this Privacy Notice.
We have an obligation to respond to your requests to exercise your rights within one month from receiving your request. If your request is complex or if we have received many requests, we may extend this deadline by two more months. If we are unable to take the action which you have requested within one month, we will inform you about the reason for the delay and about your right to lodge a complaint to a supervisory authority and to seek a judicial remedy.
You will not be charged for any information, communication or measures that we take to manage and answer to your request. However, if your request is manifestly unfounded or excessive, we may charge an administrative fee for providing the information or taking the action requested or refuse to act on your request altogether.
Your right to access, rectification, erasure and restriction
You have the right to request:
Access to your personal data. This means that you have the right to request access to personal data that we hold about you. You also have the right to be provided, at no cost, information about what personal data we are processing about you. We have the right to charge a reasonable administration fee if you request further copies. If you make a request by electronic means, e.g. via email, we will provide you with the information in commonly used electronic format.
Rectification of your personal data. At your request or on our own initiative, we will correct, anonymise, delete or complete data which we find out is inaccurate, incomplete or misleading. Also, you have the right to request that we correct your personal data if something relevant is missing.
Erasure of your personal data. You have the right to request that we erase your personal data if there is no compelling reason for us to continue processing the personal data. Compelling reasons for us to continue processing may be:
processing is necessary for the right of freedom of expression and information,
processing is necessary to comply with a legal obligation,
processing is necessary for reasons of public interests in the area of public health,
processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or
processing is necessary for the establishment, exercise or defence of legal claims.
Your personal data will be erased if none of the circumstances above are applicable and if
the personal data is no longer needed for the purpose for which we collected them,
we process your personal data based on your consent and you withdraw your consent,
you object to us processing your personal data which is based on a legitimate interest assessment, and we have no compelling interests that overrides your interests or rights and freedoms,
we have processed your personal data unlawfully or
we have a legal obligation to erase your personal data.
Right to request restriction processing. Right to request restriction of processing means that we temporarily restrict the processing of your data. You have the right to request restriction when:
you consider your data to be inaccurate and you have requested rectification as defined in paragraph 9.2.1 b), while we establish the accuracy of the personal data,
the processing is unlawful, and you do not want the data to be erased,
as the data controller, we no longer need to process the personal data for our processing purposes, but you need your personal data to be able to establish, exercise or defend a legal claim, or
you have objected to processing as defined in paragraph 9.3, while waiting for our assessment of whether our legitimate interests override yours.
We will take all reasonable measures possible to notify everyone who has received personal data as stated in Section 6 above if we have rectified, erased or restricted access to your personal data after you have requested us to do so. At your request, we will provide you with more information about the recipients of your personal data.
You have the right to object to the processing of your personal data if our processing is based upon legitimate interest (see Section 3 above). If you object to such processing, we will only continue to process your personal data if we have compelling reasons for doing so which override your interests or rights and freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.
If you do not wish that we use your personal data for direct marketing purposes, you always have the right to object to such processing by contacting us. We will cease to use your personal data for that purpose when we have received your objection.
If we process your personal data based on your consent as the legal basis, you always have the right to withdraw your consent. You can do this at any time by contacting us. Our contact details are found in the end of this Privacy Notice.
You have right to data portability when we process your personal data by automated means and when the legal basis for the processing is your consent or performance of a contract.
Right to data portability means that you have the right to receive the personal data we process about you in machine-readable format which allows you to transfer these personal data to another data controller. You may also request us to transfer the personal data directly to another data controller.
You have the right to lodge a complaint with the United Kingdom’s Information Commissioner’s Office if you are not satisfied with our processing of your personal data. The contact details are:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
We Protect Your Personal Data
We are committed to ensuring that you always feel comfortable when providing your personal data to us. We have therefore implemented both technical and organisational security measures, including access restrictions and regular internal controls, to best protect your personal data against, for example, unauthorised access, alteration, or loss. Should a data breach that materially impacts you or your personal data, e.g. entailing risk of fraud or identity theft, occur, we will contact you to explain what has happened and to provide you with advice on how you can mitigate any potential adverse effects of such data breach relevant for you.
Changes to this Privacy Notice
This Privacy Notice was updated in December 2024.
We reserve the right to change this Privacy Notice at any time. The latest version of the notice will always be available on our website.
When we make changes which are not purely linguistic or editorial, you will be notified about the changes within a reasonable time prior to the changes taking effect. If you do not agree to the changes, you have the right to object to the processing before the changes take effect.
How to Contact Us
Our Data Protection Officer acts as the main point of contact for all matters relating to our Privacy Notice. The Data Protection Officer or the local contact person can be contacted by email at [email protected].
If you have any complaints or questions about how we use your personal data, please do not hesitate to contact us:
Verisure Services (UK) Limited, company registration number 08840095
Postal address: Q12 Quorum Business Park, Benton Lane, Newcastle Upon Tyne, Tyne and Wear, NE12 8BU
E-mail: [email protected]
Website: www.verisure.co.uk
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to provide the Residential Customer with a quote and to enter into a contract with the Residential Customer. | Contact details of the Residential Customer such as name, telephone number, postal address, and email address. | The processing is necessary for the performance of a contract with the Residential Customer (Article 6.1.b UK GDPR). | The personal data is retained for the duration of the contractual relationship with the Residential Customer and for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may perform a high-level “soft” external credit check (through Equifax) of new Residential Customers. | Information included in the credit check report received from the credit check agency in relation to your financial standing based on publicly available data such as county court judgements and credit search history. | The processing is based on your consent to secure payment for the Services when credit payment is chosen as the method of payment (Article 6.1.a UK GDPR). | The personal data is retained for the duration of the contractual relationship with the Residential Customer and for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to administer our contract with the Residential Customer, for example to manage the installation profile, the user accounts and to process payments for the Services. Where you opt for credit financing, we may share your information with credit financing companies such as HUMM and PAYPLANET who process your payment of our subscription fees and provide you with the requested credit facilities. | Contact details of the Residential Customer such as name, telephone number, postal address, and email address. | The processing is necessary for the performance of a contract with the Residential Customer (Article 6.1.b UK GDPR). | The personal data is retained for the duration of the contractual relationship with the Residential Customer and for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to be able to administer existing customers and reconnect to the installations once the customer relationship is renewed and the equipment needs to be reactivated. | Technical data such as signals as tamper, power restore, periodic test and loose internet connectivity, device/node id number and (past) customer contact details. | The processing is necessary for the commercial legitimate interest of Verisure to enable the device’s reconnection (Article 6.1.f UK GDPR). | The personal data is retained for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
Personal data is collected via Verisure devices to ensure the functioning of the Services as well as to enable detection of alarm triggering events contributing to the safety and security of the Residential Customer and other individuals in the monitored premises. | Passive monitoring: | The processing is based on Verisure’s legitimate interest to provide Services to the Residential Customers and the Residential Customer’s legitimate interest to ensure security of their home (Article 6.1.f UK GDPR). | Signals from Verisure devices and usage information are stored for a period of up to 90 days from the alarm triggering event unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to verify the cause of an alarm triggering event. | Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises. The real-time monitoring during an alarm triggering event may entail that sensitive personal data, such as signs of a natural person’s health condition appear in the content. | The processing is based on Verisure’s legitimate interest to provide Services to the Residential Customers and the Residential Customer’s legitimate interest to ensure security of their home (Article 6.1.f UK GDPR). | Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We follow up previously managed alarm triggering events by contacting the Residential Customer to ensure that the management of the alarm triggering event was as efficient as possible and to receive information which could be relevant for any future alarm triggering events. | All information which is processed for the purpose of managing the alarm triggering event (see purpose 2.2 ). | The processing is based on Verisure’s legitimate interest to provide Services to the Residential Customers and to follow-up and ensure as efficient provision of the Services as possible (Article 6.1.f UK GDPR). | Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to maintain our compliance with legal (consumer) obligations. | Past customer contact details as submitted originally for entering into the contract. | The processing is necessary for Verisure’s compliance with legal obligations with customers (Article 6.1.c UK GDPR). | The personal data is retained for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data when we provide the support which is requested by the Residential Customer relating to the contract, the Services or the technical functioning of the installation. | Depending on the customer request, any personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to provide support to the Residential Customers (Article 6.1.f UK GDPR). | The personal data is retained for the duration of the customer service matter and for a period of up to 90 days unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
To be able to provide you with relevant information in case of insurance or other legal claims, we store personal data and the Residential Customers’ requests in an archive with appropriate access restrictions. | Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises. | The processing is based on the Residential Customer’s legitimate interest to have access to necessary information in order to handle insurance claims or other legal claims (Article 6.1.f UK GDPR). | Once we remove the Residential Customer’s personal data from the internal database available to the customer service agents, we maintain the personal data collected during an on-going alarm triggering event with accompanying details in an archive with appropriate access restrictions for a period of time to support customers where evidence is required for insurance or other claims based on what practically is deemed a reasonable timeline for receiving such inquiries from customers and the time needed for insurance companies to handle such claims. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
Depending on the nature of the complaint, we may for example investigate how an alarm triggering event was handled to ensure it was properly conducted. | Depending on the nature of the complaint, any necessary personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to handle and investigate customer complaints (Article 6.1.f UK GDPR). | We maintain the personal data collected during the handling of a complaint for a period of 3 years from the date of settlement or closure of the complaint. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may, when necessary, assist law enforcement or regulators where a legal obligation to provide assistance applies or such cooperation is otherwise motivated and based on a formal and written request for information. | Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises. | Processing is necessary to comply with a legal obligation (Article 6.1.c UK GDPR) or | For as long as is required under applicable law. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We record incoming calls to our customer service for quality assurance purposes. | Personal data processed for the purposes of (1) managing alarm triggering events ( see 2.2 ), (2) following up alarm triggering events ( see 2.3 ) and (3) handling customer complaints ( see 3.3 ). | The processing is based on Verisure’s legitimate interest to investigate and ensure that the Services have been provided in the correct manner (Article 6.1.f UK GDPR). | The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We record incoming calls to our customer service for the training purposes. | Personal data processed for the purposes of (1) managing alarm triggering events ( see 2.2 ), following up alarm triggering events ( see 2.3 ) and (3) handling customer complaints ( see 3.3 ) in pseudonymised format. | The processing is based on Verisure’s legitimate interest to train its personnel and thus ensure the highest possible level of Service (Article 6.1.f UK GDPR). | The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to further develop our Services, for example by making our devices more precise, improving the customer experience etc. | Personal data processed for the purposes of (1) managing alarm triggering events ( see 2.2 ), following up alarm triggering events ( see 2.3 ) and (3) handling customer complaints ( see 3.3 ) in pseudonymised format. | The processing is based on Verisure’s legitimate interest to develop Verisure’s services thus ensure the highest possible level of Service (Article 6.1.f UK GDPR). | The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to provide certain services online or through mobile devices and to provide information through so-called push messages (e.g., status messages about the alarm system, payment deadlines etc.) to you and your Assigned Users who have the Verisure App. | Contact details of the Residential Customer such as name, telephone number, postal address, and email address. | The processing is necessary for the performance of the contract with the Residential Customer (Article 6.1.b UK GDPR). | Personal data is retained for the duration of the contract and for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We offer online web shop platforms to provide our product assortment for direct sale to customers. | Account details for placing an order including customer contact details such as name, email address, phone number, password of choice, financial details for payment. | For performance of a contract (Article 6.1.b UK GDPR), as you as a customer agree to our Terms and Conditions to establish the sale of goods. | The account details are maintained for the period of an active customer account and after termination of a customer account in accordance with applicable law in order to meet consumer law obligations applying to our provision of service and queries. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may market our Services to you via email, post, SMS or telephone. Further, we may use customised online advertising to market our Services. If you do not wish to receive direct marketing, you may always object to this by using the “unsubscribe” link in our communications or by contacting us via [email protected]. | Contact details of the Residential Customer such as name, telephone number, postal address, and email address. | The processing is based on Verisure’s legitimate interest to market its services to Verisure’s existing Residential Customers (Article 6.1.f UK GDPR). | Personal data is stored and used throughout the contractual relationship and up to 6 months after the contractual relationship ends. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
When may use your data for market and opinion research purposes. In principle, we evaluate the data anonymously for internal purposes. If, exceptionally, surveys are not evaluated anonymously, the data will only be collected with your consent. | Contact details of the Residential Customer such as name, telephone number, postal address, email address and IP address. | The processing is based on Verisure’s legitimate interest to promote and improve its products and services, as well as to administer and analyse its marketing strategies (Article 6.1.f UK GDPR). | Personal data is stored and used throughout the contractual relationship and up to 6 months after the contractual relationship ends. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may need to process personal data in order to comply with our legal obligations. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing of personal data is necessary for the performance of Verisure's legal obligations (Article 6.1.c UK GDPR) | The personal data is retained for as long as necessary to comply with the applicable legal obligation. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
In the event that Verisure is restructured, e.g. split into several different businesses, or if a merger occurs, the new company may continue to use your personal data for the same purposes as we have stated in this Privacy Notice, unless you receive different information in connection with the restructuring or merger. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to enable a restructuring process or a merger (Article 6.1.f UK GDPR). | If Verisure ceases to exist through a merger, or in the event of restructuring, we will erase the personal data as long as the retention of such personal data is not required by law. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may need to process your personal data in order to protect our legal interests in the event of a dispute, such as to establish, exercise or defend legal claims. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to protect our legal interests in the event of a dispute (Article 6.1.f UK GDPR). | The personal data is retained for as long as they are needed to establish, exercise or defend a legal claim, in any event, for a maximum of 6 years after the termination of the contract. |
Where you choose to provide health data voluntarily which it is not clear to us obviously falls into any of the categories above, we will discuss with you whether we should retain it and, if necessary (and not for the above purposes) will obtain your consent to future processing of that data.
This paragraph only applies to your special category personal data and should be read in conjunction with our wider privacy notice which governs the collection and processing of all personal data about you. If you need more information on the above, or have any queries, please do not hesitate to contact us.
We may share your data with: | Categories of personal data that are shared: |
---|---|
Customer experience providers such as Amazon Cloud Cam which provide us with storage services. | Contact details, such as name, telephone number, postal address and e-mail address. |
Multimedia service providers such as YouTube, LLC and Vimeo Inc., to the extent that you interact with videos hosted by them on the Verisure App. | Information that the mobile device has accessed the corresponding page. |
Service providers such as KKC Ltd who process personal data in order to provide requested services. | Contact details, such as name, telephone number, postal address and e-mail address. |
Telephone service providers such as Verint, Genesys and Inconcert, who provide services connected to our contact with individuals by phone. | Personal data provided through calls with Verisure. |
Credit reference agency Equifax who conduct an affordability check (“soft” credit checks). | We may provide details such as name and address. |
Partners such as business introducers and online sales sites who provide us with sales services. | Contact details, such as name, telephone number, postal address and e-mail address. |
Cloud infrastructure providers, such as Microsoft, constituting part of the Verisure infrastructure. The processing of personal data is subject to strict technical and organisational security measures. | All categories of personal data except alarm log data. |
Financial Services providers to process payments (e.g. iZettle, GoCardless and Accountis Europe Limited), handle claims, collect debts and for advisory. | Contact details, such as name, telephone number, postal address and e-mail address. |
Marketing and market research providers such as Medallia, Expedia, Adobe CMS, Kantar, Meta, Google which Verisure works with to conduct marketing activities, market research and customer research. | Your contact details, such as name, telephone number, postal address and e-mail address. |
Private security companies, such as Aura UK Services Limited, process your personal data in order to respond to incidents when Verisure sends security guards to your property. | Your contact details, such as name, telephone number, postal address and e-mail address. |
Collaboration partners such as insurance companies and leasing companies who may process your personal data for different purposes if you consent to such sharing. | All categories of personal data, subject to your explicit consent. |
Authorities or equivalent third parties, such as the police authority or emergency centre, for example in the event of a break-in or accident. | Your contact details, such as name, telephone number, postal address and e-mail address. |
The acquirer or other successor in the event of mergers, divestments, restructuring, reorganisation, dissolution and other sale or transfer of Verisure's assets. | All categories of personal data. |
Authority or equivalent third party in connection with audits, court proceedings or other similar purposes. The information may be shared for the purposes of complying with legal obligations and protecting our legal interests in the event of a dispute. | All categories of personal data. |
You are a visitor to a residential customer of Verisure
Summary - Privacy Notice for Residential Customers’s Data Subjects
If you visit premises with Verisure Services
General information and the scope of this Privacy Notice
Your right to data protection is very important for us at Verisure. We aim to ensure that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation. This Privacy Notice applies to individuals whose personal data is collected through our home security alarm monitoring services, devices and cameras used by our Residential Customers (“Services”), e.g. if you visit premises where the Services are installed and used.
If you are a Residential Customer, please find the applicable Privacy Notice here.
If you are a Business Customer, please find the applicable Privacy Notice here.
If you visit a business premises using Verisure Services, please find the applicable Privacy Notice here.
Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation. For certain processing of personal data, the Residential Customer is the data controller, either independently or jointly with Verisure. For further information about the Residential Customer’s processing of personal data, please refer to the Residential Customer for more information.
When we are processing personal data as a data controller, we ensure that applicable data protection legislation is always complied with and that we only process your personal data for the purposes described in this Privacy Notice.
If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, namely the United Kingdom’s Information Commissioner’s Office whose contact details are:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
How and why we process your personal data
We only process your personal data if the processing is necessary to fulfil the purposes of the processing described below.
We process your personal data for the following purposes:
Provision of Services
To monitor the premises through the Services
To manage alarm triggering events
To follow up previous alarm triggering events
To ensure that we meet our legal obligations in respect of previously active customers
Provision of support to the Residential Customers in relation to the Services
To provide customer service and technical support in relation to our Services
To assist Customers in case of an insurance claim or other legal claims
To handle customer complaints
To cooperate with law enforcement or regulators to fight crime, comply with our legal obligations or protect the safety of our Residential Customers
Development of Verisure’s Services
Quality assurance
Training of Verisure’s personnel
Development of Verisure’s Services
Verisure’s legal interests
To comply with our legal obligations
To enable restructurings or mergers of the business
To protect our legal interests in the event of a dispute
Complete information about how we process your personal data, including information about the applicable legal bases, the recipients of your personal data, international transfers of personal data and the criteria used to determine applicable retention periods is available here.
Your rights
You have the right to be informed about which personal data relating to you we process and what we do with your personal data. You also have the right of access to your personal data. In certain situations you also have the right to have your personal data erased, to request restriction of the processing of your personal data, the right to data portability as well as the right to object to our processing of your personal data. If we process your personal data based on your consent, you always have the right to withdraw your consent. If you believe that we have processed your data in an unlawful manner, you have the right to lodge a complaint to the United Kingdom’s Information Commissioner’s Office.
Contact details
If you have any questions regarding this Privacy Notice, our processing of your personal data or if you wish to exercise your rights, please do not hesitate to contact us:
Verisure Services (UK) Limited, company registration number 08840095
Postal address: Q12 Quorum Business Park, Benton Lane, Newcastle Upon Tyne, Tyne and Wear, NE12 8BU
E-mail: [email protected]
Data Subject Request Form: Click Here
Website: www.verisure.co.uk
Complete Privacy Notice for Residential Customers’s Data Subjects
If you visit premises with Verisure Services
Contents
General
Your right to data protection is very important to us at Verisure Services (UK) Limited, reg. no. 08840095 (“Verisure”). We aim at ensuring that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation.
This Privacy Notice applies to individuals whose personal data is collected through our residential customer’s (“Residential Customer”) home security alarm systems and devices provided by Verisure, (“Services”), e.g. if you are visiting a premises which use the Services.
If you are a Residential Customer, Assigned User or Emergency Contact please find the applicable Privacy Notice here.
If you are a Business Customer, please find the applicable Privacy Notice here.
If you are a visitor of business premises using Verisure Services, please find the applicable Privacy Notice here.
Data Controller and Data Protection Officer
Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation.
For certain processing of personal data, the Residential Customer is the data controller, either independently or jointly with Verisure.
Verisure and the Residential Customer are joint controllers for processing of personal data when personal data is collected through the Services and when such personal data is made available to the Residential Customer via the Verisure App during an alarm triggering event. The personal data processed in this manner may consist of live streaming or continuous video recording (“CVR”) material (limited to devices which have this functionality), video recordings, pictures or audio from an alarm triggering event. This personal data is available to the Assigned Users automatically and in real time via the Verisure App. Verisure is the designated contact point for the processing of your personal data when Verisure and the Residential Customer are joint controller, including for the exercise of the data subjects’ rights under the UK GDPR (see section 9). You will find our contact details in section 13.
The Residential Customer is an independent data controller when the Residential Customer is processing personal data for the following purposes:
Self-controlled monitoring functionalities for the Residential Customer’s convenience use (not related to an alarm triggering event), such as live streaming, CVR, recording of video, pictures or audio, or use of video doorbell or smart lock.
Personal management of the Verisure Services such as the provision of access permissions to third parties by the Residential Customer (e.g., a cleaner, Airbnb guests or neighbours).
Residential Customer’s subsequent processing of the personal data outside of the Verisure environment, e.g., sharing of material with law enforcement or an insurance company.
The scope of this Privacy Notice is limited to the processing of personal data for which Verisure is a data controller, either independently or jointly with the Residential Customer. For further information about the Residential Customer’s processing of personal data, please contact the Residential Customer.
We have designated a Data Protection Officer (“Data Protection Officer”), who is responsible for monitoring our processing of personal data to ensure that it is carried out in accordance with applicable legislation.
The Data Protection Officer can be reached via [email protected].
Our Processing of Personal Data
In the tables below you can read more about how we at Verisure process your personal data when you use Verisure Services.
Purposes
To monitor the premises through the Services
Verisure and the Residential Customer are joint controllers
To manage alarm triggering events
Verisure is the data controller
To follow up previous alarm triggering events
Verisure is the data controller
To ensure that we meet our legal obligations in respect of previously active customers
Verisure is the data controller
Provision of support to the Customers in relation to the Services
To provide customer service and technical support in relation to our Services
Verisure is the data controller
To assist Customers in case of an insurance or other legal claim
Verisure is the data controller
Verisure is the data controller
Verisure is the data controller
Verisure is the data controller
Training of Verisure’s personnel
Verisure is the data controller
Development of Verisure’s Services
Verisure is the data controller
To comply with our legal obligations
Verisure is the data controller
To enable restructurings or mergers of the business
Verisure is the data controller
To protect our legal interests in the event of a dispute
Verisure is the data controller
Collection of Personal Data
The personal data that we process may be provided directly by the data subject or from the Business Customer.
Retention of Personal Data
We will only process personal data for the period set out in this Privacy Notice (see section 3).
When we no longer need to process the personal data for the pre-identified purposes or a retention period for the personal data lapses, we will delete it from our systems, databases and backups.
With Whom Do We Share Your Personal Data
Verisure may share personal data with trusted third parties if such sharing is necessary either based on Verisure’s legitimate interest or a legal obligation. Sharing of personal data may also be necessary for us to perform our contractual obligations towards our Residential Customers.
Personal data may be shared with other companies in the Verisure Group or with our partner companies in connection with the provision of our Services, as described in the table below. Each recipient of your personal data is subject to corresponding legal or contractual obligations to those obligations which apply to Verisure, including an obligation to process your personal data securely and in accordance with applicable data protection legislation.
We may share your data with:
Categories of personal data that are shared:
Telephone service providers such as Inconcert, who provide services connected to our contact with individuals by phone.
Personal data provided through calls with Verisure.
Cloud infrastructure providers, such as Microsoft, constituting part of the Verisure infrastructure. The processing of personal data is subject to strict technical and organisational security measures.
All categories of personal data.
Private security companies, such as Aura UK Services Limited, process your personal data in order to respond to incidents when Verisure sends security guards to your property.
Your contact details, such as name, telephone number, postal address and e-mail address.
Images and audio in in an alarm situation , such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.
Sensitive personal data, such as health data, if provided by the customer for a specific purpose.
Additional personal data provided by you in your correspondence with us (through e.g., phone, chat, e-mail, text messages).Authorities or equivalent third parties, such as the police authority or emergency centre, for example in the event of a break-in or accident.
Your contact details, such as name, telephone number, postal address and e-mail address.
Images and audio in in an alarm situation , such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.
Sensitive personal data, such as health data, if provided by the customer for a specific purpose.
Additional personal data provided by you in your correspondence with us (through e.g., chat, e-mail, text messages).The acquirer or other successor in the event of mergers, divestments, restructuring, reorganization, dissolution and other sale or transfer of Verisure's assets.
All categories of personal data.
Authority or equivalent third party in connection with audits, court proceedings or other similar purposes. The information may be shared for the purposes of complying with legal obligations and protecting our legal interests in the event of a dispute.
All categories of personal data.
Please note that this list may be updated from time to time.
Automated Decision-Making
We do not use automated decision-making.
Where is Your Data Processed?
We aim to always process your personal data in the United Kingdom and the EU/EEA. In some circumstances we may need to transfer your personal data to a country outside of the United Kingdom and the EU/EEA (“Third Country”). In case your personal data is transferred to a Third Country, we will ensure that your personal data will continue to be subject to an essentially equivalent level of protection as in the United Kingdom and the EU/EEA.
Your Rights
As a data controller, we are responsible for ensuring that your personal data is processed in compliance with applicable data protection laws and that you can effectively exercise your rights as a data subject. You may contact us at any time if you wish to exercise your rights. You will find the contact details in the end of this Privacy Notice.
We have an obligation to respond to your requests to exercise your rights within one month from receiving your request. If your request is complex or if we have received many requests, we may extend this deadline by two more months. If we are unable to take the action which you have requested within one month, we will inform you about the reason for the delay and about your right to lodge a complaint to a supervisory authority and to seek a judicial remedy.
You will not be charged for any information, communication or measures that we take to manage and answer to your request. However, if your request is manifestly unfounded or excessive, we may charge an administrative fee for providing the information or taking the action requested or refuse to act on your request altogether.
Your right to access, rectification, erasure and restriction
You have the right to request:
Access your personal data. This means that you have the right to request access to personal data that we hold about you. You also have the right to be provided, at no cost, information about what personal data we are processing about you. We have the right to charge a reasonable administration fee if you request further copies. If you make a request by electronic means, e.g. via email, we will provide you with the information in commonly used electronic format.
Rectification of your personal data. At your request or on our own initiative, we will correct, anonymise, delete or complete data which we find out is inaccurate, incomplete or misleading. Also, you have the right to request that we correct your personal data if something relevant is missing.
Erasure of your personal data. You have the right to request that we erase your personal data if there is no compelling reason for us to continue processing the personal data. Compelling reasons for us to continue processing may be:
processing is necessary for the right of freedom of expression and information,
processing is necessary to comply with a legal obligation,
processing is necessary for reasons of public interests in the area of public health,
processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or
processing is necessary for the establishment, exercise or defence of legal claims.
Your personal data will be erased if none of the circumstances above are applicable and if
the personal data is no longer needed for the purpose for which we collected them,
we process your personal data based on your consent and you withdraw your consent,
you object to us processing your personal data which is based on a legitimate interest assessment, and we have no compelling interests that overrides your interests or rights and freedoms,
we have processed your personal data unlawfully or
we have a legal obligation to erase your personal data.
Right to request restriction processing. Right to request restriction of processing means that we temporarily restrict the processing of your data. You have the right to request restriction when:
you consider your data to be inaccurate and you have requested rectification as defined in paragraph 9.2.1 b), while we establish the accuracy of the personal data,
the processing is unlawful, and you do not want the data to be erased,
as the data controller, we no longer need to process the personal data for our processing purposes, but you need your personal data to be able to establish, exercise or defend a legal claim, or
you have objected to processing as defined in paragraph 9.3, while waiting for our assessment of whether our legitimate interests override yours.
We will take all reasonable measures possible to notify everyone who has received personal data as stated in Section 6 above if we have rectified, erased or restricted access to your personal data after you have requested us to do so. At your request, we will provide you with more information about the recipients of your personal data.
You have the right to object to the processing of your personal data if our processing is based upon legitimate interest (see Section 3 above). If you object to such processing, we will only continue to process your personal data if we have compelling reasons for doing so which override your interests or rights and freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.
If you do not wish that we use your personal data for direct marketing purposes, you always have the right to object to such processing by contacting us. We will cease to use your personal data for that purpose when we have received your objection.
If we process your personal data based on your consent as the legal basis, you always have the right to withdraw your consent. You can do this at any time by contacting us. Our contact details are found in the end of this Privacy Notice.
You have right to data portability when we process your personal data by automated means and when the legal basis for the processing is your consent or performance of a contract.
Right to data portability means that you have the right to receive the personal data we process about you in machine-readable format which allows you to transfer these personal data to another data controller. You may also request us to transfer the personal data directly to another data controller.
You have the right to lodge a complaint with the United Kingdom’s Information Commissioner’s Office if you are not satisfied with our processing of your personal data. The contact details are:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
We Protect Your Personal Data
We are committed to ensuring that you always feel comfortable when providing your personal data to us. We have therefore implemented both technical and organisational security measures, including access restrictions and regular internal controls, to best protect your personal data against, for example, unauthorised access, alteration, or loss. Should a data breach that materially impacts you or your personal data, e.g. entailing risk of fraud or identity theft, occur, we will contact you to explain what has happened and to provide you with advice on how you can mitigate any potential adverse effects of such data breach relevant for you.
Changes to This Privacy Notice
This Privacy Notice was updated in June 2024.
We reserve the right to change this Privacy Notice at any time. The latest version of the notice will always be available on our website.
When we make changes which are not purely linguistic or editorial, you will be notified about the changes within a reasonable time prior to the changes taking effect. If you do not agree to the changes, you have the right to object to the processing before the changes take effect.
How to Contact Us
Our Data Protection Officer acts as the main point of contact for all matters relating to our Privacy Notice. The Data Protection Officer or the local contact person can be contacted by email at [email protected].
If you have any complaints or questions about how we use your personal data, please do not hesitate to contact us:
Verisure Services (UK) Limited, company registration number 08840095
Postal address: Q12 Quorum Business Park, Benton Lane, Newcastle Upon Tyne, Tyne and Wear, NE12 8BU
E-mail: [email protected]
Website: www.verisure.co.uk
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
Personal data is collected via Verisure devices to ensure the functioning of the Services as well as to enable detection of alarm triggering events contributing to the safety and security of the Residential Customer and other individuals in the monitored premises. | Personal data collected during an on-going alarm triggering event , such as pictures, video, and audio from the monitored premises. | The processing is based on Verisure’s legitimate interest to provide Services to the Residential Customers and the Residential Customer’s legitimate interest to ensure security of their home (Article 6.1.f UK GDPR). | Personal data collected during an on-going alarm triggering event are stored for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to verify the cause of an alarm triggering event. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises. The real-time monitoring during an alarm triggering event may entail that sensitive personal data such as signs of a natural person’s health condition appear in the content. | The processing is based on Verisure’s legitimate interest to provide Services to the Residential Customers and the Residential Customer’s legitimate interest to ensure security of their home (Article 6.1.f UK GDPR). | Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We follow up previously managed alarm triggering events by contacting the Residential Customer to ensure that the management of the alarm triggering event was as efficient as possible and to receive information which could be relevant for any future alarm triggering events. | Personal data collected during an on-going alarm triggering event , such as pictures, video, and audio from the monitored premises. | The processing is based on Verisure’s legitimate interest to provide Services to the Residential Customers and to follow-up and ensure as efficient provision of the Services as possible (Article 6.1.f UK GDPR). | Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to maintain our compliance with legal (consumer) obligations. | Past customer contact details as submitted originally for entering into the contract | The processing is necessary for Verisure’s compliance with legal obligations with customers (Article 6.1.c UK GDPR). | The personal data is retained for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data when we provide the support which is requested by the Residential Customer relating to the contract, the Services or the technical functioning of the installation. | Personal data collected during an on-going alarm triggering event , such as pictures, video, and audio from the monitored premises. | The processing is based on Verisure’s legitimate interest to provide support to the Residential Customers (Article 6.1.f UK GDPR). | The personal data is retained for the duration of the customer service matter and for a period of up to 90 days unless the data is required under sub-section 4.3. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
To be able to provide the Residential Customer with relevant information in case of insurance or other legal claims, we store personal data and the Residential Customers’ requests in an archive with appropriate access restrictions. | Personal data collected during an on-going alarm triggering event , such as pictures, video, and audio from the monitored premises. | The processing is based on the Residential Customer’s legitimate interest to have access to necessary information in order to handle insurance claims or other legal claims (Article 6.1.f UK GDPR). | Once we remove the Residential Customer’s personal data from the internal database available to the customer service agents, we maintain the personal data collected during an on-going alarm triggering event with accompanying details in an archive with appropriate access restrictions for a period of time to support customers where evidence is required for insurance or other claims based on what practically is deemed a reasonable timeline for receiving such inquiries from customers and the time needed for insurance companies to handle such claims. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
Depending on the nature of the complaint, we may for example investigate how an alarm triggering event was handled to ensure it was properly conducted. | Personal data collected during an on-going alarm triggering event , such as pictures, video, and audio from the monitored premises. | The processing is based on Verisure’s legitimate interest to handle and investigate customer complaints (Article 6.1.f UK GDPR). | We maintain the personal data collected during the handling of a complaint for a period of 3 years from the date of settlement or closure of the complaint. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may, when necessary, assist law enforcement or regulators where a legal obligation to provide assistance applies or such cooperation is otherwise motivated and based on a formal and written request for information. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises. | Processing is necessary to comply with a legal obligation (Article 6.1.c UK GDPR) or | For as long as is required under applicable law. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We perform analyses of previous alarm triggering events to ensure efficient and correct management of alarm triggering events. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises. | The processing is based on Verisure’s legitimate interest to investigate and ensure that the Services have been provided in the correct manner (Article 6.1.f UK GDPR). | The personal data is processed for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We perform analyses of previous alarm triggering events to ensure efficient and correct management of alarm triggering events. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises in strongly pseudonymised format. | The processing is based on Verisure’s legitimate interest to train its personnel and thus ensure the highest possible level of Service (Article 6.1.f UK GDPR). | The personal data is processed for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We process personal data to further develop our Services, for example by making our devices more precise, improving the customer experience etc. | Personal data collected during an on-going alarm triggering event , such as pictures, video and audio from the monitored premises in strongly pseudonymised format. | The processing is based on Verisure’s legitimate interest to develop their Services and thus ensure the highest possible level of Service (Article 6.1.f UK GDPR). | The personal data is processed for a period of up to 6 years after the termination of the contract. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may need to process personal data in order to comply with our legal obligations. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing of personal data is necessary for the performance of Verisure's legal obligations (Article 6.1.c UK GDPR) | The personal data is retained for as long as necessary to comply with the applicable legal obligation. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
In the event that Verisure is restructured, e.g. split into several different businesses, or if a merger occurs, the new company may continue to use the personal data for the same purposes as we have stated in this Privacy Notice, unless you receive different information in connection with the restructuring or merger. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to enable a restructuring process or a merger (Article 6.1.f UK GDPR). | If Verisure ceases to exist through a merger, or in the event of restructuring, we will erase the personal data as long as the retention of such personal data is not required by law. |
What we do: | Categories of personal data: | Legal basis: | The criteria used to determine retention period: |
---|---|---|---|
We may need to process your personal data in order to protect our legal interests in the event of a dispute, such as to establish, exercise or defend legal claims. | All categories of personal data processed for the purposes described in this Privacy Notice. | The processing is based on Verisure’s legitimate interest to protect our legal interests in the event of a dispute (Article 6.1.f UK GDPR). | The personal data is retained for as long as they are needed to establish, exercise, or defend a legal claim, in any event, for a maximum of 6 years after the termination of the contract. |
Camera Guidance for Residential Customers
This guidance will help you to understand what you need to do if you are considering installing, or have already installed, a Verisure camera system in your home.
The information in this document is intended to be helpful and practical guidance on generic, common-sense approaches to the installation and use of Verisure alarm system cameras. It is not intended to be legal advice nor a comprehensive explanation of applicable laws and regulations. If readers require specific advice, they should contact a legal professional.
Verisure Camera System
Whilst Verisure is able to use the camera system to verify and respond to an alarm signal, you as a homeowner are otherwise responsible for using the camera system in a manner which does not infringe applicable laws and regulations.
This guidance is intended to help you understand the potential implications of your use of the camera system in your home. As use of the camera system involves the processing of images, videos and voices, it is important that you bear in mind that camera and data protection laws may apply.
Laws and Regulations
The following legislation may apply:
Camera surveillance laws and national rules on the operation of cameras. These may contain obligations regarding notification or registration of camera systems, appropriate positioning and notices required in the monitored premises.
Data protection laws, primarily the General Data Protection Regulation (GDPR), which regulate the processing (i.e. all types of action) of personal data. The GDPR may be complemented by national legislation. These laws aim to protect individuals’ right to privacy. As the operator of the camera system, you fall within the definition of a "controller" with respect to the processing of personal data that is due to the use of the camera system. You are therefore responsible for ensuring that the personal data of individuals captured by the camera system is processed in a compliant way and with due consideration for the privacy of the individuals concerned.
Your Responsibilities
The household exemption
When you use the camera system in a manner that the content is exclusively captured from your own premises, the processing of personal data is most likely to be considered as being of a purely private nature. Under such circumstances, you are exempted from the extensive legal obligations set out in the GDPR because of the so-called “household exemption”. Nevertheless, it is important that you use the camera system in a responsible manner with respect for affected individuals’ privacy.
To the extent that the camera system is directed outwards from your private setting and covers - even partially - a public space, the household exemption will not apply. For example, the household exemption probably does not apply if you:
rent out your business premises (e.g. through AirBnB),
monitor the activities of workers or domestic staff working on your premises,
capture content outside your property (e.g. street, parking areas or neighbouring property, communal bin collection area), or
share images on social media or other public spaces.
For more information about the household exemption please visit the United Kingdom’s Information Commissioner’s Office’s website www.ico.org.uk/.
Installation and positioning of cameras
During installation, our security experts will recommend areas to be monitored, the position of the camera system and how to install cameras in a way that also helps you avoid capturing areas outside your private setting.
They are happy to provide this support based on their experience from advising other customers in similar situations as part of setting up camera systems. However, as you have actual control of the equipment, you are ultimately responsible for ensuring that the equipment is positioned appropriately and that it respects other people’s right to privacy. We strongly recommend that once the system has been installed by our security experts, you do not change the location, placement, or field of view of any of the cameras.
If you are installing or repositioning cameras yourself, here are some principles to bear in mind:
Do not capture outside public or shared areas (e.g. streets and pavements, public parks or parking areas, communal bin collection area) or your neighbour’s premises. Some cameras have settings that allow you to mask certain areas in view which can help with avoiding areas outside of your premises.
Do not capture indoor public/shared areas within your residence (fitness facilities, seating areas, counters, lounge areas, etc.) where they are used for recovery, regeneration, and leisure activities as well as in places where individuals stay and/or communicate. Some cameras have settings that allow you to mask certain areas in view which can help with avoiding these areas within your premises.
Think about the problem you are trying to tackle. It will usually be to safeguard you and your property against crime. If this is the case, only place cameras in areas where you are concerned about a safety or security risk (e.g. potentially vulnerable areas).
Avoid placing cameras in sensitive areas, such as bedrooms, toilets or similar locations where people have high expectations of privacy.
Take particular care to avoid any areas where children or vulnerable adults might be captured by the camera . Vulnerable people are specifically protected under privacy laws.
Consider informing your neighbours what you are installing and listen to any objections or concerns they may have. Ensure that you don’t breach any laws or other rules such as a housing association’s rules or code of conduct.
Capturing audio
Typically, audio capture functionality is turned off by default, but it may be possible for you to turn it on. Before turning on the audio capture functionality, you should make sure that this is allowed under applicable laws and regulations. Silently listening in on other people’s conversations through devices may be considered covert surveillance and thus breach laws, including individuals’ right to privacy.
Information and signage
You have an obligation to inform people about the camera system. In addition to being able to answer questions from your neighbours and visitors about the monitoring, you should set up clear signage providing the most important information about the monitoring. Verisure will provide appropriate signage to you during installation.
The signage should be visible to people before they enter the monitored area.
Multiple signs may be required if you have several entrances and multiple monitored areas.
Learn more about Verisure alarm deterrent signage and stickers.
Viewing content
The camera system includes a “remote access” functionality which, depending on the camera type, allows you to capture and view images on your phone or computer (e.g. via My Verisure App or Arlo App).
It is important that you use these features selectively, where there is a genuine need to look back at the image, e.g. where you are concerned that there has been a security incident at the premises which you would like to review or investigate further. You should not use these features to, e.g. monitor an individual or their behaviour. You are responsible for ensuring that your use of the functionality does not breach any applicable laws or regulations.
Sharing content
It is also possible for you to share your content, but it is important that you are careful when sharing images and videos of other people. Even when the content is captured in legitimate circumstances, sharing it could violate other people’s right to privacy.
You should only share images with others where you are comfortable that disclosure is necessary and appropriate and will not cause embarrassment or harm to anyone captured in the images.
Be particularly careful about sharing images in any public or semi-public environment, e.g. on the internet or social media.
We recommend that you do not post images on these platforms unless you have explicit consent from each of the individuals in the images.
In Case of an Alarm (Verisure Access to the Camera System)
If the alarm system triggers an alarm, Verisure’s Alarm Receiving Centre (ARC) will have access to some of the devices in the camera system and to content which the system has automatically captured. Verisure’s access is limited to what is strictly necessary for our ARC to verify and respond to the alarm event. The ARC follows strict protocols and security measures when accessing the content from the camera system. This may involve sharing camera images with law enforcement, emergency services and/or guard services.
In certain jurisdictions, Verisure also provides monitoring functionalities specifically for alarm events via phone or computer These functionalities may encompass various features such as live view streaming, continuous video recording, and the capability to record video, photos, and audio. Verisure’s involvement in this processing activity is limited to the initial stages, when personal data is transmitted from Verisure to your phone or computer (e.g. through My Verisure App or Arlo App. Hence, it is important to emphasize that Verisure and its customers do not exercise control or influence over any potential subsequent stages of data processing. For instance, if you choose to download material for additional purposes, such as filing a police report or an insurance claim, you should be mindful of your responsibilities and ensure compliance with the household exemption.